When the NetScaler instance is running, you can access the instance through the NetScaler GUI or the NetScaler CLI by connecting to the EIP associated with the management ENI (NSIP). For example, use the following addressing notation in a web browser:
http://<Elastic_IP> (unsecured access) or https://<Elastic_IP> (secured access)

The default login username is nsroot, and you can find out the default login password and more login details at http://support.citrix.com/proddocs/topic/netscaler-vpx-10-1/nsvpx-verfy-vpx-aws-inst-con.html.

For security reasons, no elastic IPs are attached to the ENIs. This means that the NetScaler AMI – including the management IP – is not reachable from outside the VPC. If your VPC uses a Virtual Gateway or other method to provide a VPN access to your VPC you can administer the instance using the IP address of the network interface in the Management subnet. If you do not have VPN access to your VPC, best practice is to set up a “jump box” instance within the VPC, and then use this as the source for access to any/all management of other instances within the VPC. If you do not have an existing method for reaching instances inside the VPC you can get instructions on creating a SSH jump box here.

Three default security policies are created and attached to the management, public and private interface, respectively. The security policy for the management interface allows traffic to/from a set of ports. To access these ports, please use the best practice described above. The security policies for the public and private interfaces block all the traffic to/from the interfaces.

PLEASE NOTE: NetScaler requires each ENI to be assigned to a different subnet. If during initial configuration, multiple ENIs were attached to the same VPC subnet, packet loss may occur. To fix, use the AWS console or GUI to either delete unnecessary ENIs, or ensure each ENI is attached to a different subnet.

Launching NetScaler for AWS AMIs
General NetScaler documentation