Overview
When Citrix Gateway is configured as an SSLVPN with assigned Intranet IP pools (IIP), it is not possible, by default, for the same user to have more than one active session on different devices.
There is an old article showing two options, but neither is today's state of the art.
First, I always assign IIP pools to AAA groups, never to AAA users.
Second, spillover isn't a real-world option, as the SNIP then acts as the user's source IP.
Configuration
There is a simple hidden command that extends the number of concurrent sessions to a maximum of 10. Every session is assigned an IIP. I've tested successfully with 13.0 and 13.1 firmware. The command applies globally.
The CLI command to raise the limit to 3 is:
set vpn parameter -maxIIPperUser 3
To make the setting persistent across reboots of the NetScaler, edit the /nsconfig/rc.netscaler file as follows. Note that the system user's password sits in this file in clear text.
nscli -U 127.0.0.1:Systemuser:Password "set vpn parameter -maxIIPperUser 3"
# Example:
# nscli -U 127.0.0.1:nsroot:nsroot "set vpn parameter -maxIIPperUser 3"
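A defender-side check for the persistence line above, as an added example that is not part of the original post: it scans an rc.netscaler-style file, reports the configured maxIIPperUser value and flags the default nsroot:nsroot pair without printing any password. The function name audit_rc, the svc_rc account and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an rc.netscaler-style file for nscli persistence lines.
# Assumes the host:user:password token contains no spaces. Passwords are never printed.
audit_rc() {
    # $1 = file to check (on an appliance: /nsconfig/rc.netscaler)
    awk '
    /^[ \t]*#/ { next }                          # ignore commented-out lines
    /nscli[ \t]+-U[ \t]/ && /-maxIIPperUser/ {
        cred = ""
        for (i = 1; i < NF; i++) if ($i == "-U") cred = $(i + 1)
        split(cred, part, ":")
        user = part[2]
        # Everything after the second colon is the password (it may contain ":")
        pass = substr(cred, length(part[1]) + length(part[2]) + 3)
        # Number that follows -maxIIPperUser, closing quote stripped
        val = $0
        sub(/.*-maxIIPperUser[ \t]+/, "", val)
        sub(/[^0-9].*/, "", val)
        verdict = "ok"
        if (val + 0 > 10) verdict = "above-max-10"    # the post gives 10 as the maximum
        if (user == "nsroot" && pass == "nsroot") verdict = "default-credentials"
        printf "line=%d user=%s maxIIPperUser=%s status=%s\n", NR, user, val, verdict
    }' "$1"
}

# Constructed sample input (svc_rc and its password are made up)
sample=$(mktemp)
cat > "$sample" <<'EOF'
nscli -U 127.0.0.1:svc_rc:S3cr:et "set vpn parameter -maxIIPperUser 3"
# nscli -U 127.0.0.1:nsroot:nsroot "set vpn parameter -maxIIPperUser 3"
nscli -U 127.0.0.1:nsroot:nsroot "set vpn parameter -maxIIPperUser 3"
EOF
audit_rc "$sample"
rm -f "$sample"
```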
Summary
I hope this Quickpost will save you some time when trying to achieve concurrent SSLVPN sessions from the same users on different devices.
Great stuff!