I tried to allow the end user to access Citrix XenApp through encryped channel with ASA clientless SSL VPN. However, I encoutner an error message when execute the program on Citrix platform. I suspect one of the Citrix port number 2598/tcp is dropped by ASA. I look at the ACL in clientless configuration, unfortunately it only shows the web filter (only have https,http,tcp/1494 but cannot custom the port number) not including the traditional one.
When I troubleshoot the issue by access the program through Anyconnect VPN, it can be opened normally and I could observe the 2598/tcp (from VPN client to XenApp server) in the access list rule. It would be appreciate that anybody could share the similar experience. Many thanks!
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...