How to Configure a full VPN Setup on a NetScaler Gateway Appliance

This article contains information to configure a Virtual Private Network (VPN) setup on a NetScaler Gateway appliance.

Requirements

• SSL certificate: This should be installed and bound to the VPN Virtual Server (VServer).

  • CTX109260 -??How to Generate and Install a Public SSL Certificate on a NetScaler Appliance
  • CTX122521 -??How to Replace the Default Certificate of a NetScaler Appliance with a Trusted CA Certificate that Matches the Hostname of the Appliance
  • Citrix Documentation - Binding the Certificate-Key Pair to the SSL-Based Virtual Server
• Authentication profile: This should be created and functional on NetScaler Gateway.
  • For additional information,??refer to??Citrix Documentation - Configuring External User Authentication
  • For additional information, refer to??Checklist: Use AD FS to implement and manage single sign-on

• Download??Citrix??VPN Client

To configure a VPN setup on NetScaler Gateway appliance, complete the following procedure:

1. From NetScaler configuration utility, navigate to Traffic Management > DNS.

2. Select the Name Servers node, as shown in the following screen shot.
   Ensure that the DNS Name Server is listed. If it is not available, add a DNS Name Server.

   

3. Expand NetScaler Gateway > Policies.

4. Select the Session node.

5. Activate the Profiles tab of NetScaler Gateway Session Policies and Profiles page and click Add.
   Note: For each component you configure in the Configure NetScaler Gateway Session Profile dialog box, ensure that you select the Override Global option for the respective component.

6. Activate the Client Experience tab.

7. Type the intranet portal URL in the Home Page field.
   If??homepage parameter is set to "nohomepage.html", homepage will not be displayed. When the plug-in starts, a browser instance starts and gets killed automatically.

   

8. Ensure that OFF is selected from the Split Tunnel list.

9. Select OFF from the Clientless Access list.

   

10. Ensure that Windows/Mac OS X is selected from the Plug-in Type list.

11. Select the Single Sign-on to Web Applications option.

12. Ensure that the Client Cleanup Prompt option is selected, as shown in the following screen shot:

    

13. Activate the Security tab.

14. Ensure that ALLOW is selected from the Default Authorization Action list, as shown in the following screen shot:

    

15. Activate the Published Applications tab.

16. Ensure that OFF is selected from the ICA Proxy list under Published Applications option.

    

17. Click Create.

18. Click Close.

19. Activate the Policies tab of the NetScaler Gateway Session Policies and Profiles page.

20. Create a Session policy with a required??expression or ns_true, as shown in the following screen shot:

    

21. Bind the Session policy to the VPN virtual server.
    Go??to NetScaler Gateway virtual server > Policy. Choose the required session policy (in this example Session_Policy) from the drop-down list.

For configuration utility changes refer to the following links:

• Citrix Documentation -??NetScaler 10.1 Configuration Utility Changes

• Citrix Documentation -??NetScaler 10.5 Configuration Utility Changes

Download Citrix??VPN Client