Notes from the field: Citrix Gateway DTLS fail-over UDP/TCP

During a recent troubleshooting session a customer complained that after a failover all ICA sessions fell back to TCP and did not move back up to UDP until the DTLS checkbox on the VIP was disabled and re-enabled.

This used to work in the past, but since 13.0 build 58.x we have the ability to create a dedicated DTLS listener VIP for this, with its own set of configuration items: Configure DTLS VPN virtual server using SSL VPN virtual server (netscaler.com)

After disabling the DTLS option on the original VIP, creating the DTLS VIP listener on the same IP and enabling the DTLS 1.2 option, the issue was resolved. This is the correct way to configure UDP/TCP connections for an EDT setup.
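To make the three steps above checkable rather than a one-off GUI change, here is an added audit script (not from the post or from Citrix) that reads an ns.conf-style excerpt and reports whether it matches the layout described: DTLS off on the SSL VPN vserver, a separate DTLS vserver on the same IP, and DTLS 1.2 enabled on that DTLS vserver. The command keywords (`add vpn vserver ... DTLS`, `-dtls ON|OFF`, `set ssl vserver ... -dtls12 ENABLED`), the vserver names and the IP addresses are assumptions and constructed samples, so verify them against your own exported configuration before relying on the output.

```python
"""Audit a Citrix Gateway / NetScaler config excerpt for the DTLS vserver layout
recommended in the post. Sample config lines below are constructed for this
example; the CLI keywords are assumed, not copied from an appliance."""
import shlex
from dataclasses import dataclass, field

# Constructed "before" excerpt: legacy DTLS checkbox on the SSL VPN vserver,
# no dedicated DTLS vserver (the layout that showed the fallback problem).
LEGACY_NSCONF = """
add vpn vserver gw_ssl SSL 203.0.113.10 443 -dtls ON
"""

# Constructed "after" excerpt: DTLS off on the SSL vserver, dedicated DTLS
# vserver on the same IP, DTLS 1.2 enabled on it.
FIXED_NSCONF = """
add vpn vserver gw_ssl SSL 203.0.113.10 443
set vpn vserver gw_ssl -dtls OFF
add vpn vserver gw_dtls DTLS 203.0.113.10 443
set ssl vserver gw_dtls -dtls12 ENABLED
"""


@dataclass
class VServer:
    name: str
    proto: str          # "SSL" or "DTLS"
    ip: str
    port: str
    opts: dict = field(default_factory=dict)  # lower-cased option -> UPPER value


def _opts(tokens):
    """Turn ['-dtls', 'ON', '-foo', 'bar'] into {'dtls': 'ON', 'foo': 'BAR'}."""
    out = {}
    i = 0
    while i < len(tokens):
        if tokens[i].startswith("-") and i + 1 < len(tokens):
            out[tokens[i][1:].lower()] = tokens[i + 1].upper()
            i += 2
        else:
            i += 1
    return out


def parse_vservers(conf):
    """Collect VPN vservers and the options later 'set' commands apply to them."""
    vservers = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        t = shlex.split(line)
        if len(t) >= 7 and t[:3] == ["add", "vpn", "vserver"]:
            vs = VServer(t[3], t[4].upper(), t[5], t[6], _opts(t[7:]))
            vservers[vs.name] = vs
        elif (len(t) >= 4 and t[0] == "set" and t[1] in ("vpn", "ssl")
              and t[2] == "vserver" and t[3] in vservers):
            # 'set vpn vserver' and 'set ssl vserver' both refine the same object
            vservers[t[3]].opts.update(_opts(t[4:]))
    return vservers


def audit(conf):
    """Return a list of findings; an empty list means the layout matches the post."""
    vservers = parse_vservers(conf)
    findings = []
    dtls_ips = {v.ip for v in vservers.values() if v.proto == "DTLS"}
    for v in vservers.values():
        if v.proto == "SSL":
            if v.opts.get("dtls") == "ON":
                findings.append(f"{v.name}: DTLS is enabled on the SSL VPN vserver; "
                                "disable it and use a dedicated DTLS vserver")
            if v.ip not in dtls_ips:
                findings.append(f"{v.name}: no DTLS vserver listening on {v.ip}")
        elif v.proto == "DTLS":
            if v.opts.get("dtls12") != "ENABLED":
                findings.append(f"{v.name}: DTLS 1.2 is not enabled on the DTLS vserver")
    return findings


if __name__ == "__main__":
    for label, conf in (("legacy", LEGACY_NSCONF), ("fixed", FIXED_NSCONF)):
        print(label, audit(conf) or ["OK"])
```

Run it against an excerpt of `show ns runningConfig` (or the saved ns.conf); the check is deliberately narrow and only looks at the three settings the post changes.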

Reference and Support:

DTLS handshake fails on DTLS1.0 even after DTLS is enabled on the SSL VPN VIP. (citrix.com)

DTLS 1.0 or DTLS 1.2 is not working through Citrix Access Gateway Vserver with SNI Based Certificate

Hope it helps!
