Gateway

Configuring outbound ICA Proxy

Outbound ICA Proxy configuration involves configuring the Citrix ADC LAN proxy and Citrix Gateway.

Configure Citrix ADC LAN Proxy for ICA outbound proxy

You can perform the following steps to configure outbound ICA Proxy by using the CLI.

  • Add a VPN virtual server.

     add vpn vserver <name> <serviceType> [<IPAddress> [-range <positive_integer>] [-ipset <string>]] [<port>] [-state ( ENABLED | DISABLED )] [-authentication ( ON | OFF )] [-doubleHop ( ENABLED |DISABLED )]
     <!--NeedCopy-->
    
  • Set the VPN parameters.

     set vpn parameter[-backendServerSni ( ENABLED | DISABLED )][-backendCertValidation ( ENABLED | DISABLED )]
     <!--NeedCopy-->
    
  • Add an SSL certificate-key pair.

     add ssl certKey ca_cert_verify -cert <certificate name>
     <!--NeedCopy-->
    
  • Bind the SSL certificate-key pair globally.

     bind vpn global -cacert ca_cert_verify
     <!--NeedCopy-->
    

Example:

-  add vpn vserver ssl_lan_proxy SSL 65.219.17.34 443 -authentication OFF - doubleHop ENABLED

-  set vpn parameter backendserverSni ENABLED backendcertValidation ENABLED

-  add ssl certKey dnpg_ca -cert dnpg_ca_cert.cer

-  bind vpn global -cacert dnpg_ca

<!--NeedCopy-->

Configure Citrix Gateway for ICA Proxy

For details on configuring Citrix Gateway for ICA Proxy, see
https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/deploying-netscaler-gateway-in-ica-proxy-mode.pdf

Note: For SSL support on Citrix ADC LAN proxy, no changes are required in the Citrix Gateway configuration.

Configuring outbound ICA Proxy