Configure IP addresses on Citrix Gateway
You can configure IP addresses to log on to the configuration utility and for user connections. Citrix Gateway is configured with a default IP address of 192.168.100.1 and subnet mask of 255.255.0.0 for management access. The default IP address is used whenever a user-configured value for the system IP (NSIP) address is absent.
- NSIP address. The management IP address for Citrix Gateway that is used for all management-related access to the appliance. Citrix Gateway also uses the NSIP address for authentication.
- Default gateway. The router that forwards traffic from outside the secure network to Citrix Gateway.
- Subnet IP (SNIP) address. The IP address that represents the user device by communicating with a server on a secondary network.
The SNIP address uses ports 1024 through 64000.
How Citrix Gateway uses IP addresses
Citrix Gateway sources traffic from IP addresses based on the function that is occurring. The following list describes several functions and the way Citrix Gateway uses IP addresses for each, as a general guideline:
- Authentication. The IP address that Citrix Gateway uses depends on the authentication server type.
  - LDAP/RADIUS/TACACS servers. If AAAD directly communicates with the authentication virtual server, then the NSIP address is used.
  - If a load balancer is used as proxy, then the load balancer uses the SNIP address for authentication. AAAD uses the NSIP address to communicate with the load balancer. The IP address that the Citrix ADC uses depends on the entity that is communicating with the authentication virtual server.
  - SAML/OAUTH/WEBAUTH servers. These servers communicate using the SNIP address.
- File transfers from the home page. Citrix Gateway uses the SNIP address.
- DNS and WINS queries. Citrix Gateway uses the SNIP address.
- Network traffic to resources in the secure network. Citrix Gateway uses the SNIP address or IP pooling, depending on the configuration on Citrix Gateway.
- ICA proxy setting. Citrix Gateway uses the SNIP address.
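The source-address guidance above is what firewall rules and flow-log reviews on the secure network should agree with. The following Python script is an added example, not Citrix code: it checks constructed flow records against the list and against the SNIP port range of 1024 through 64000. The addresses, the IP pool range, the function labels and the record layout are all assumptions made for illustration.

```python
import ipaddress

# Constructed values for illustration; substitute your own NSIP, SNIP and pool.
NSIP = ipaddress.ip_address("10.0.0.10")
SNIP = ipaddress.ip_address("10.0.1.10")
IP_POOL = ipaddress.ip_network("10.0.2.0/24")   # IP pooling range (assumed)
SNIP_PORTS = range(1024, 64001)                 # ports 1024 through 64000

# Function label (hypothetical names) -> source address per the list above.
EXPECTED_SOURCE = {
    "auth-direct": NSIP,         # AAAD talks to LDAP/RADIUS/TACACS directly
    "auth-aaad-to-lb": NSIP,     # AAAD to the load balancer acting as proxy
    "auth-lb-to-server": SNIP,   # load balancer to the authentication server
    "saml-oauth-webauth": SNIP,
    "file-transfer": SNIP,
    "dns-wins": SNIP,
    "ica-proxy": SNIP,
}

def audit_flow(flow):
    """Return the reasons a flow deviates from the documented behaviour."""
    src, func = ipaddress.ip_address(flow["src"]), flow["function"]
    reasons = []
    if func == "secure-network":              # SNIP or IP pooling, per configuration
        if src != SNIP and src not in IP_POOL:
            reasons.append(f"{func}: source {src} is neither SNIP nor pool")
    elif func not in EXPECTED_SOURCE:
        return [f"unknown function label {func!r}"]
    elif src != EXPECTED_SOURCE[func]:
        reasons.append(f"{func}: source {src}, expected {EXPECTED_SOURCE[func]}")
    if src == SNIP and flow["sport"] not in SNIP_PORTS:
        reasons.append(f"SNIP source port {flow['sport']} outside 1024-64000")
    return reasons

def audit(flows):
    """Map flow index -> reasons, for flows that deviate."""
    return {i: r for i, f in enumerate(flows) if (r := audit_flow(f))}

# Constructed flow records (not real log data).
SAMPLE_FLOWS = [
    {"function": "auth-direct", "src": "10.0.0.10", "sport": 40001},        # ok
    {"function": "auth-lb-to-server", "src": "10.0.0.10", "sport": 40002},  # NSIP, not SNIP
    {"function": "dns-wins", "src": "10.0.1.10", "sport": 1023},            # port too low
    {"function": "secure-network", "src": "10.0.2.57", "sport": 51000},     # pool address
    {"function": "ica-proxy", "src": "10.0.1.10", "sport": 64000},          # ok
]

if __name__ == "__main__":
    print(audit(SAMPLE_FLOWS))
```

A flow flagged here means either the firewall rule or the assumed traffic path (direct versus load-balanced authentication, SNIP versus IP pooling) does not match how the appliance is actually configured.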
Subnet IP addresses
The subnet IP address allows the user to connect to Citrix Gateway from an external host that resides on another subnet. When you add a subnet IP address, a corresponding route entry is made in the route table. Only one entry is made per subnet. The route entry corresponds to the first IP address added in the subnet.
Unlike the system IP address and the mapped IP address, it is not mandatory to specify the subnet IP address during the initial configuration of Citrix Gateway.
The mapped IP address and subnet IP addresses use ports 1024 through 64000.
- In the configuration utility, on the Configuration tab, in the navigation pane, expand System > Network, and then click IPs.
- In the details pane, click Add.
- In the Create IP dialog box, in IP Address, type the IP address.
- In Netmask, type the subnet mask.
- Under IP Type, select Subnet IP, click Close, and then click Create.
Configure IPv6 for user connections
You can configure Citrix Gateway to listen for user connections by using Internet Protocol version 6 (IPv6). When you configure one of the following settings, you can select the IPv6 check box and then enter the IPv6 address in the dialog box:
- Global Settings - Published Applications - ICA Proxy
- Global Authentication - RADIUS
- Global Authentication - LDAP
- Global Authentication - TACACS
- Session Profile - Published Applications - ICA Proxy
- Citrix Gateway Virtual Servers
- Create Authentication Server - RADIUS
- Create Authentication Server - LDAP
- Create Authentication Server - TACACS
- Create Auditing Server
- High Availability Setup
- Bind / Unbind Route Monitors for High Availability
- Virtual server (Load Balancing)
When you configure the Citrix Gateway virtual server to listen on an IPv6 address, users can connect only with Citrix Workspace app. User connections with the Citrix Secure Access agent are not supported with IPv6.
You can use the following guidelines for configuring IPv6 on Citrix Gateway:
- Citrix Virtual Apps and Web Interface. When you configure IPv6 for user connections and if there is a mapped IP address that uses IPv6, Citrix Virtual Apps and Web Interface servers can also use IPv6. The Web Interface must be installed behind Citrix Gateway. When users connect through Citrix Gateway, the IPv6 address is translated to IPv4. When the connection returns, the IPv4 address is translated to IPv6.
- Virtual servers. You can configure IPv6 for a virtual server when you run the Citrix Gateway wizard. In the Citrix Gateway wizard on the Virtual Servers page, click IPv6 and enter the IP address. You can configure an IPv6 address for a virtual server only by using the Citrix Gateway wizard.
- Other. To configure IPv6 for ICA Proxy, authentication, auditing, and high availability, select the IPv6 check box in the dialog box and then type the IP address.