Solved

Using Web Interface 4.0 using NAT on a Router

Posted on 2006-11-01
6
578 Views
Last Modified: 2008-01-09
Ok, I am still trying to wrap my mind around the documentation for the Web Interface's Secure Client Access settings.

My problem is that in my case we are using NAT on a router, instead of a Firewall.  Let me try and explain my problem.

IP Addresses:
Citrix Clients = 172.26.x and 128.185.x
Server NATd Address = 199.220.115.198
Server Internal Address = 10.10.1.20
Web Interface and PS4 are on the same server

So when I use my desktop to access the Web Interface via the NATd address (199.220.115.198) I get the logon screen.  I am able to logon successfully, but when I try and launch a published application I get the following non-descript error:
Cannot connect to the Citrix MetaFrame server.
The Citrix Metaframe server you have selected is not accepting connections.

The problem is I can create an ICA connection directly to the server without any problems, but I cannot seem to use an Application Set connection or the web interface.

I have setup the server with an alternate address of the NATd address using altaddr.  I have also setup the Web Interface's Secure Client settings to use the Alternate address option.

Nothing seems to work to allow for a successful ICA connection.
0
Comment
Question by:pearlvision
6 Comments
 
LVL 10

Expert Comment

by:chrisnewman01
ID: 17851632
Do the users connect via the 10.10.1.20 address or do they use the 199.220.115.198 address?  Which port are you using for XML?  Is there routing between the sites over that same router?  When you connect to the site (directly), are you on the same subnet (10.x.x.x), or are you on one of the other 2 subnets?  Is TCP port 1494 opened to the Citrix server on the 'firewall'?  Sorry for all the questions, I'm trying to understand your network a little better.  

Also, if you right click any one of your icons and save, then open the file, what IP address is listed in there?  The 10.x address or the 199.220.x address?
0
 
LVL 10

Assisted Solution

by:chrisnewman01
chrisnewman01 earned 100 total points
ID: 17851681
One more question.  Are you using Alternate or Secure Gateway Alternate for the 172.26.x and 128.185.x sites?  If you're not using Citrix Secure Gateway, you will have to select alternate.
0
 

Author Comment

by:pearlvision
ID: 17853583
Q:Do the users connect via the 10.10.1.20 address or do they use the 199.220.115.198 address?
A:They are connecting using 199.220.115.198.

Q:Which port are you using for XML?
A:Port 80 (default)

Q:Is there routing between the sites over that same router?
A:Not sure what you mean.  the 172.x and 128.x are other WAN sites with routers, but there is only one router to the 10.x site

Q:When you connect to the site (directly), are you on the same subnet (10.x.x.x), or are you on one of the other 2 subnets?
A:One of the other 2. (172.x or 128.x)

Q:Is TCP port 1494 opened to the Citrix server on the 'firewall'?
A:We do not have a firewall between, but all of the Citrix published ports are allowed through the router.

Q:Are you using Alternate or Secure Gateway Alternate for the 172.26.x and 128.185.x sites?
A:I have tried Alternate and Translated and neither seem to work.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 19

Expert Comment

by:BLipman
ID: 17854667
Download your launch.ica file by right clicking and choosing save; open it w/ notepad and post.  
0
 
LVL 8

Accepted Solution

by:
nitadmin earned 400 total points
ID: 17855616
ARe you using Program Neighborhood.

Do the following. Right Click on the Application Icon. Choose properties.
Click on the Firewalls button. Put a check next to the line that says, "Use alternate address for Firewall Connection"

Also on your Firewall/Router you must have Nating enabled and A public IP for each of your Citrix Boxes.

In Citrix Access Suite Console if you have your site setup.  

This is the way for Address Translation
Choose Manage Secure Client Access > Edit Address Translations - Put the Prinvate IP to the Real IP for each Citrix Box in there.
Now under Choose Manage Secure Client Access >Edit DMZ Settings
1.  Edit Default and choose - translated
2.  Click on add and put your local Subnet exp.  10.0.0.0 and put as Direct.  
3.  On your Citrix boxes take out the altaddr
Your users from inside and outside will be able to access.

Cheers,
NITADMIN
0
 

Author Comment

by:pearlvision
ID: 17870989
I appreciate everyone's posts, but I was able to solve the problem.  it was a misconfiguration on the NAT on the router causing my issues.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

#Citrix #XenApp #Citrix XenApp #Citrix Concurrent License #Citrix Licensing #Citrix Policies
#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now