Gateway

Configuring outbound ICA Proxy

Outbound ICA Proxy configuration involves configuring the NetScaler LAN proxy and NetScaler Gateway.

Configure NetScaler LAN Proxy for ICA outbound proxy

You can perform the following steps to configure outbound ICA Proxy by using the CLI.

  • Add a VPN virtual server.

     add vpn vserver <name> <serviceType> [<IPAddress> [-range <positive_integer>] [-ipset <string>]] [<port>] [-state ( ENABLED | DISABLED )] [-authentication ( ON | OFF )] [-doubleHop ( ENABLED |DISABLED )]
     <!--NeedCopy-->
    
  • Set the VPN parameters.

     set vpn parameter[-backendServerSni ( ENABLED | DISABLED )][-backendCertValidation ( ENABLED | DISABLED )]
     <!--NeedCopy-->
    
  • Add an SSL certificate-key pair.

     add ssl certKey ca_cert_verify -cert <certificate name>
     <!--NeedCopy-->
    
  • Bind the SSL certificate-key pair globally.

     bind vpn global -cacert ca_cert_verify
     <!--NeedCopy-->
    

Example:

-  add vpn vserver ssl_lan_proxy SSL 65.219.17.34 443 -authentication OFF - doubleHop ENABLED

-  set vpn parameter backendserverSni ENABLED backendcertValidation ENABLED

-  add ssl certKey dnpg_ca -cert dnpg_ca_cert.cer

-  bind vpn global -cacert dnpg_ca

<!--NeedCopy-->

Note:

For SSL support on NetScaler LAN proxy, no changes are required in the NetScaler Gateway configuration.

Configuring outbound ICA Proxy