Citrix NetScaler – Concurrent SSLVPN Sessions

Overview

When Citrix Gateway is configured as an SSLVPN with assigned Intranet IP pools (IIP), by default a user cannot have more than one active session at the same time on different devices.

There is an old article showing two options, but neither is state of the art today.

First, I always assign IIP pools to AAA groups, never to AAA users.

Second, Spillover isn’t a real-world option, as the SNIP acts as the user’s source IP.

Configuration

There is a simple hidden command that extends concurrent sessions to a maximum of 10. Every session is assigned an IIP. I’ve tested it successfully with firmware 13.0 and 13.1. The command applies globally.

The CLI command for increasing the limit to 3 is:

set vpn parameter -maxIIPperUser 3

To make the command persistent, including across a reboot of the NetScaler, edit the /nsconfig/rc.netscaler file as follows:

nscli -U 127.0.0.1:Systemuser:Password "set vpn parameter -maxIIPperUser 3"

# Example: nscli -U 127.0.0.1:nsroot:nsroot "set vpn parameter -maxIIPperUser 3"

Summary

I hope this quick post will save you some time when trying to achieve concurrent SSLVPN sessions from the same user on different devices.
