Solved

Citrix server behind a NAT

Posted on 2006-11-26
10
3,245 Views
Last Modified: 2011-04-14
Current i have a citrix metaframe 4 behind a NAT (192.168.1.2)  I would like to deploy an application to user who is out of the office via shortcut or ica files.  Is that possible?

Currently if the user wish to access the application he/she have to connecty to the server via citrix client and get access the citrix server to run the application.  This is too much work and taking alot of resourcce.  I was able to create a ica file and open the application to the desktop when i'm inside the  office or on a same nat.

PLEASE HELP, MANY THANKS IN ADVANCE  
0
Comment
Question by:paulhuynh
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
Citrix uses port 80 for the XML service and 1494 for ICA connectivity.  From the outside your user will have to be able to contact the Citrix server at 192.168.1.2 port 1494.  On your router / firewall you will need to forward that port to the citrix server.  In the ICA file you will have to supply the external ip address of your connection.

Another way to do all of this is use the Citrix Web Interface.  This can be a very handy way of deploying applications externally and internally.  It still requires that port 1494 be forwarded to the citrix server, but allows the user to simply login and launch any published app.

Security concerns of course use SSL for the web interface, and an even better solution is the secure gateway.  These may a bit more than you want to do.  The port forwarding and replacing the ip address with the public one should work for you.
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
http://support.citrix.com/servlet/KbServlet/download/6302-102-12987/Web_Interface_Guide.pdf

Guide on WI for MPS4 also page 74 discusses some setup you may like to read about address translation and mapping.
0
 

Author Comment

by:paulhuynh
Comment Utility
I current have my firewall doing portwarding  to the server  port 80, 1494, and 1604.  I will post you my ica file shortly
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
Great.  Sounds like the NAT side is setup fine.  One thing to try just as a final test of NAT telnet to the public ip port 1494.

telnet ip.ad.dr.ess 1494 if it is working you should see ICA returned.
0
 
LVL 11

Expert Comment

by:AdamBNYC
Comment Utility
Also open up 2598, This is the new citrix session reliablity port.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:paulhuynh
Comment Utility
here is my current ICA file

[WFClient]
Version=2
TcpBrowserAddress=192.168.1.2
HttpBrowserAddress=192.168.1.2
PersistentCachePath=C:\Documents and Settings\Kevin\Application Data\ICAClient\Cache
 
[ApplicationServers]
CONTACT MANAGER=
 
[CONTACT MANAGER]
Address=CONTACT MANAGER
InitialProgram=#CONTACT MANAGER
ClientAudio=Off
Compress=On
TWIMode=On
DesiredHRES=1024
DesiredVRES=768
DesiredColor=4
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
BrowserProtocol=HTTPonTCP
ScreenPercent=0
0
 
LVL 10

Accepted Solution

by:
chrisnewman01 earned 500 total points
Comment Utility
TcpBrowserAddress=<external IP address you have set that maps to this server>

HttpBrowserAddress=<external IP address you have set that maps to this server>   <-- you may want to remove this line if you are having trouble accessing the app (or ; it out)

AND

(in the [CONTACT MANAGER] section:)
Address=<external IP address you have set that maps to this server>

Chris
0
 

Author Comment

by:paulhuynh
Comment Utility
THANK YOU IT WORK GREAT  CHANGING THE IP ADDRESS SOLUTION WORK GREAT
0
 
LVL 10

Expert Comment

by:MATTHEW_L
Comment Utility
Also, just as a suggestion.  For one user this works well.  As your remote needs begin to increase.  Think about using secure gateway or web interface, makes your life much easier and is more secure.
0
 
LVL 10

Expert Comment

by:chrisnewman01
Comment Utility
Absolutely, Matthew L is correct by saying that.  You also only need to open port 443 on the outside (or 80 with a redirect to 443).
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now