citrix with NAT, possible?

Question

I'm trying to have the following environment working:
APM app publishing for XenApp 6.52 XML broker and 2 ICA serversthe citrix environment is in a vCould with NAT. BIGIP sees the NATed addresses of all servers.
The broker part is working well as I get the apps publish on the webtop. The issue is when the receiver starts and the APM gets the XML file for app connection, we see inside that file following entries that are problematic

:1494
[...]
      :443
[..]

The result is that packet trace for the Receiver to APM shows only a couple of TLS handshakes without app data, then the APM terminates them. The receiver puts an error "network issue" (not SSL, as we have fixed all certificate/SSL issues previously). I guess it's because it cannot interpret/rewrite that XML file.
We must use NAT because of vCloud/topology and I'm stuck here. Any idea?
Thanks! Alexandre

amolari · Answer

formatting issue&nbsp;

"ICA_server_IP_physical":1494
[...]
      "FQDN_of_ICA_server":443
[..]
    
&nbsp;

amolari · Answer

anyone deployed xenapp with that topology?&nbsp;

arnaud_lemaire · Answer

Trying to understand, the problem is that the broker sends the internal IP, and the bigip cannot reach i, is that correct ?&nbsp;

matt_dierick · Answer

Alex,&nbsp;
On APM, if you check VDI check box, APM will insert SSL Proxy field in the ICA file so that Receiver join the hostname used to join APM instead of reaching internal or NATted IP addresses.&nbsp;
Did you used Citrix VDI apps ?
Do you see in ICA file public hostname or public IP address ?&nbsp;

Forum Discussion

citrix with NAT, possible?

4 Replies

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

Logging/Blocking possible prompt injection

Solution for Citrix Optimal Gateway Routing

Multi-Stores Citrix environment BIG-IP APM

Resolve Citrix Secure Ticket Authority (STA)

Citrix iApps

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS