Solved

Citrix server behind a NAT

Posted on 2006-11-26
10
3,285 Views
Last Modified: 2011-04-14
Current i have a citrix metaframe 4 behind a NAT (192.168.1.2)  I would like to deploy an application to user who is out of the office via shortcut or ica files.  Is that possible?

Currently if the user wish to access the application he/she have to connecty to the server via citrix client and get access the citrix server to run the application.  This is too much work and taking alot of resourcce.  I was able to create a ica file and open the application to the desktop when i'm inside the  office or on a same nat.

PLEASE HELP, MANY THANKS IN ADVANCE  
0
Comment
Question by:paulhuynh
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18016132
Citrix uses port 80 for the XML service and 1494 for ICA connectivity.  From the outside your user will have to be able to contact the Citrix server at 192.168.1.2 port 1494.  On your router / firewall you will need to forward that port to the citrix server.  In the ICA file you will have to supply the external ip address of your connection.

Another way to do all of this is use the Citrix Web Interface.  This can be a very handy way of deploying applications externally and internally.  It still requires that port 1494 be forwarded to the citrix server, but allows the user to simply login and launch any published app.

Security concerns of course use SSL for the web interface, and an even better solution is the secure gateway.  These may a bit more than you want to do.  The port forwarding and replacing the ip address with the public one should work for you.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18016141
http://support.citrix.com/servlet/KbServlet/download/6302-102-12987/Web_Interface_Guide.pdf

Guide on WI for MPS4 also page 74 discusses some setup you may like to read about address translation and mapping.
0
 

Author Comment

by:paulhuynh
ID: 18016258
I current have my firewall doing portwarding  to the server  port 80, 1494, and 1604.  I will post you my ica file shortly
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18016264
Great.  Sounds like the NAT side is setup fine.  One thing to try just as a final test of NAT telnet to the public ip port 1494.

telnet ip.ad.dr.ess 1494 if it is working you should see ICA returned.
0
 
LVL 11

Expert Comment

by:AdamBNYC
ID: 18016937
Also open up 2598, This is the new citrix session reliablity port.
0
 

Author Comment

by:paulhuynh
ID: 18020701
here is my current ICA file

[WFClient]
Version=2
TcpBrowserAddress=192.168.1.2
HttpBrowserAddress=192.168.1.2
PersistentCachePath=C:\Documents and Settings\Kevin\Application Data\ICAClient\Cache
 
[ApplicationServers]
CONTACT MANAGER=
 
[CONTACT MANAGER]
Address=CONTACT MANAGER
InitialProgram=#CONTACT MANAGER
ClientAudio=Off
Compress=On
TWIMode=On
DesiredHRES=1024
DesiredVRES=768
DesiredColor=4
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
BrowserProtocol=HTTPonTCP
ScreenPercent=0
0
 
LVL 10

Accepted Solution

by:
chrisnewman01 earned 500 total points
ID: 18021517
TcpBrowserAddress=<external IP address you have set that maps to this server>

HttpBrowserAddress=<external IP address you have set that maps to this server>   <-- you may want to remove this line if you are having trouble accessing the app (or ; it out)

AND

(in the [CONTACT MANAGER] section:)
Address=<external IP address you have set that maps to this server>

Chris
0
 

Author Comment

by:paulhuynh
ID: 18039877
THANK YOU IT WORK GREAT  CHANGING THE IP ADDRESS SOLUTION WORK GREAT
0
 
LVL 10

Expert Comment

by:MATTHEW_L
ID: 18064587
Also, just as a suggestion.  For one user this works well.  As your remote needs begin to increase.  Think about using secure gateway or web interface, makes your life much easier and is more secure.
0
 
LVL 10

Expert Comment

by:chrisnewman01
ID: 18065443
Absolutely, Matthew L is correct by saying that.  You also only need to open port 443 on the outside (or 80 with a redirect to 443).
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Citrix XenDesktop 7.6 Citrix Policies Audio
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question