Using Web Interface 4.0 using NAT on a Router

Ok, I am still trying to wrap my mind around the documentation for the Web Interface's Secure Client Access settings.

My problem is that in my case we are using NAT on a router, instead of a Firewall.  Let me try and explain my problem.

IP Addresses:
Citrix Clients = 172.26.x and 128.185.x
Server NATd Address = 199.220.115.198
Server Internal Address = 10.10.1.20
Web Interface and PS4 are on the same server

So when I use my desktop to access the Web Interface via the NATd address (199.220.115.198) I get the logon screen.  I am able to log on successfully, but when I try and launch a published application I get the following nondescript error:
Cannot connect to the Citrix MetaFrame server.
The Citrix Metaframe server you have selected is not accepting connections.

The problem is I can create an ICA connection directly to the server without any problems, but I cannot seem to use an Application Set connection or the web interface.

I have set up the server with an alternate address of the NATd address using altaddr.  I have also set up the Web Interface's Secure Client settings to use the Alternate address option.

Nothing seems to work to allow for a successful ICA connection.
pearlvision Asked:
 
nitadmin Commented:
Are you using Program Neighborhood?

Do the following. Right Click on the Application Icon. Choose properties.
Click on the Firewalls button. Put a check next to the line that says, "Use alternate address for Firewall Connection"

Also on your Firewall/Router you must have NATing enabled and a public IP for each of your Citrix Boxes.

In Citrix Access Suite Console if you have your site set up.

This is the way for Address Translation
Choose Manage Secure Client Access > Edit Address Translations - Put the Private IP to the Real IP for each Citrix Box in there.
Now under Choose Manage Secure Client Access > Edit DMZ Settings
1.  Edit Default and choose - translated
2.  Click on add and put your local Subnet exp.  10.0.0.0 and put as Direct.  
3.  On your Citrix boxes take out the altaddr
Your users from inside and outside will be able to access.

Cheers,
NITADMIN
 
chrisnewman01 Commented:
Do the users connect via the 10.10.1.20 address or do they use the 199.220.115.198 address?  Which port are you using for XML?  Is there routing between the sites over that same router?  When you connect to the site (directly), are you on the same subnet (10.x.x.x), or are you on one of the other 2 subnets?  Is TCP port 1494 opened to the Citrix server on the 'firewall'?  Sorry for all the questions, I'm trying to understand your network a little better.  

Also, if you right click any one of your icons and save, then open the file, what IP address is listed in there?  The 10.x address or the 199.220.x address?
 
chrisnewman01 Commented:
One more question.  Are you using Alternate or Secure Gateway Alternate for the 172.26.x and 128.185.x sites?  If you're not using Citrix Secure Gateway, you will have to select alternate.
 
pearlvision (Author) Commented:
Q: Do the users connect via the 10.10.1.20 address or do they use the 199.220.115.198 address?
A: They are connecting using 199.220.115.198.

Q: Which port are you using for XML?
A: Port 80 (default)

Q: Is there routing between the sites over that same router?
A: Not sure what you mean.  The 172.x and 128.x are other WAN sites with routers, but there is only one router to the 10.x site.

Q: When you connect to the site (directly), are you on the same subnet (10.x.x.x), or are you on one of the other 2 subnets?
A: One of the other 2. (172.x or 128.x)

Q: Is TCP port 1494 opened to the Citrix server on the 'firewall'?
A: We do not have a firewall between, but all of the Citrix published ports are allowed through the router.

Q: Are you using Alternate or Secure Gateway Alternate for the 172.26.x and 128.185.x sites?
A: I have tried Alternate and Translated and neither seems to work.
 
BLipman Commented:
Download your launch.ica file by right clicking and choosing save; open it with Notepad and post.
 
pearlvision (Author) Commented:
I appreciate everyone's posts, but I was able to solve the problem.  It was a misconfiguration on the NAT on the router causing my issues.
Question has a verified solution.
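
The launch.ica check that chrisnewman01 and BLipman ask for above, as an added Python example that is not part of the original thread: it reads the address handed to the client in the ICA file and reports whether it is the internal address or the NAT'd one. The sample file is constructed, and the layout assumed here (an [ApplicationServers] list plus a per-application Address= line, default port 1494) is an assumption about the ICA file, not something shown in the thread.

```python
import configparser
import ipaddress

# Constructed launch.ica sample; the addresses are the ones given in the thread.
SAMPLE_ICA = """\
[WFClient]
Version=2

[ApplicationServers]
Notepad=

[Notepad]
Address=10.10.1.20:1494
InitialProgram=#Notepad
"""

def ica_addresses(ica_text):
    """Return {application: (host, port)} for each [ApplicationServers] entry."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # keep application names and keys as written
    cp.read_string(ica_text)
    found = {}
    if not cp.has_section("ApplicationServers"):
        return found
    for app in cp.options("ApplicationServers"):
        address = cp.get(app, "Address", fallback="") if cp.has_section(app) else ""
        host, _, port = (address or "").partition(":")
        if host:
            found[app] = (host, int(port) if port.isdigit() else 1494)
    return found

def classify(host, nat_address):
    """Say which side of the NAT the address in the ICA file belongs to."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "not-an-ip"  # hostname, or something other than a plain address
    if ip == ipaddress.ip_address(nat_address):
        return "translated"
    return "internal" if ip.is_private else "other"

def check_ica(ica_text, nat_address):
    """Return {application: (host, port, verdict)} for a launch.ica file."""
    return {app: (host, port, classify(host, nat_address))
            for app, (host, port) in ica_addresses(ica_text).items()}

if __name__ == "__main__":
    print(check_ica(SAMPLE_ICA, "199.220.115.198"))
```

A verdict of "internal" for a client on the 172.26.x or 128.185.x side means the file is sending it to 10.10.1.20 rather than to the 199.220.115.198 address it used to reach the logon page.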

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.