Cisco Support Community
New Member

Pix 515e to Citrix

Not sure how to do this, but I have a web page that I need to connect to. I'm told by the distant end that in order for me to connect to that webpage I need to specify it, because it is going through their Citrix server. So in order for my internal subnet to hit that webpage I need to target a specific IP and port number. The webpage is 10.254.23.41 port 512; my internal subnet is 10.245.181.0. So on my Pix, all I need to do is this?

static (inside,outside) 10.254.23.0 10.245.181.0 netmask 255.255.255.0

3 REPLIES
New Member

Re: Pix 515e to Citrix

Confusing. That is what routing tables are for. Sounds like they just want you to test and see if you can connect to that IP/Port. You can do so by using telnet.

New Member

Re: Pix 515e to Citrix

Hi Adam;

It's a new website that is going over a Citrix server and they asked if I can get to it. I put in the https:// address and receive:

page cannot be displayed

I informed the distant end of this and that is when they told me I need to allow the IP and port through my firewall, but I thought that if you go from a higher security level to a lower one you don't need to do so.

New Member

Re: Pix 515e to Citrix

wgranada;

You are exactly right; however, in the event you are using an outbound ACL as well as an inbound one, you'll have to open it up, but normal practice is normally just an inbound ACL on smaller networks. So if that isn't the case, I would recommend doing a few things to troubleshoot, one being a traceroute to the IP. Ensure your packets aren't getting dropped (however they may, and this could be normal; if it drops at your router, then you've got some digging to do). The second and best test is to do a telnet to the IP and port and see if it connects or fails. Example from DOS: telnet 1.2.3.4 5900. So basically with this I am testing to see if port 5900/tcp is open on IP 1.2.3.4.

Hope that helps clear it up. Also, if you have a friend that works behind a different network, you could have him try to see if he can connect. If so, then it may be easier to narrow down the source of the problem.
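The telnet test suggested in the last reply, as an added example that is not part of the original thread: a scripted TCP connect that also separates an active refusal from a silent drop, which is the distinction that matters when a firewall or ACL is suspected. The function name `probe_tcp` and the local demo sockets are assumptions constructed for illustration.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome.

    open        - handshake completed, something is listening
    refused     - a RST came back: the path works, but nothing listens
                  there (or a device actively rejected the connection)
    filtered    - no answer before the timeout: typically a firewall or
                  ACL silently dropping the SYN, or a routing problem
    unreachable - the local stack or a router reported no route
    error       - any other failure (e.g. name resolution)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"


if __name__ == "__main__":
    # Constructed local demo so the script runs offline: one listening
    # socket and one port that was bound and then released.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    print(open_port, probe_tcp("127.0.0.1", open_port))
    print(closed_port, probe_tcp("127.0.0.1", closed_port))
    listener.close()
    # From a host on the inside subnet, the target named in the question
    # would be checked with: probe_tcp("10.254.23.41", 512)
```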
