tyty4u2
asked on
Secure Gateway & Presentation Server 4.5
Everything is working great internally and externally for Citrix users using Http instead of Https.
Current setup is:
External: citrix.domain.com
Internal: citrix.domain.local (192.168.1.0 IP Range)
I am using ISA Server 2004 and have a standard Publishing Rule for traffic 1494, 2598, & 80 to go citrix.domain.local. I setup access routs as follows:
Default - Translated
192.168.1.0 - Direct.
Firewall translations:
citrix.domain.local 80 to citrix.domain.com 80
citrix.domain.local 1494 to citrix.domain.com 1494
citrix.domain.local 2598 to citrix.domain.com 2598
Users can go to http://citrix.domain.com/citrix/accessplatform from home and everything works great.
So, I setup Secure gateway. Went through the wizard ok with no problem.
Setup the gateway settings as:
FQDN: citrix.domain.local
STA FQDN: http://citrix.domain.com/Scripts/ctxsta.dll
Port: 443
Session Reliablity Checked.
Installed the Root Certificate from my server
Open up a port on the ISA to allow traffice on 443.
I also tried to setup a address translation for port 443 with no luck.
I can go to https://citrix.domain.com/citrix/accessplatform and login, but the server cannot be found when I click on an application. Running a sniffer shows it is trying to connect to citrix.domain.local and not citrix.domain.com which should be a translation issue, but I have tried every combination.
Basic setup is:
Public IP - ISAServer 2004 - Private IP (192.168.1.0) NAT
Citrix computer is a member server on the private subnet
Thanks!!
Current setup is:
External: citrix.domain.com
Internal: citrix.domain.local (192.168.1.0 IP Range)
I am using ISA Server 2004 and have a standard Publishing Rule for traffic 1494, 2598, & 80 to go citrix.domain.local. I setup access routs as follows:
Default - Translated
192.168.1.0 - Direct.
Firewall translations:
citrix.domain.local 80 to citrix.domain.com 80
citrix.domain.local 1494 to citrix.domain.com 1494
citrix.domain.local 2598 to citrix.domain.com 2598
Users can go to http://citrix.domain.com/citrix/accessplatform from home and everything works great.
So, I setup Secure gateway. Went through the wizard ok with no problem.
Setup the gateway settings as:
FQDN: citrix.domain.local
STA FQDN: http://citrix.domain.com/Scripts/ctxsta.dll
Port: 443
Session Reliablity Checked.
Installed the Root Certificate from my server
Open up a port on the ISA to allow traffice on 443.
I also tried to setup a address translation for port 443 with no luck.
I can go to https://citrix.domain.com/citrix/accessplatform and login, but the server cannot be found when I click on an application. Running a sniffer shows it is trying to connect to citrix.domain.local and not citrix.domain.com which should be a translation issue, but I have tried every combination.
Basic setup is:
Public IP - ISAServer 2004 - Private IP (192.168.1.0) NAT
Citrix computer is a member server on the private subnet
Thanks!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I appreciate the help. I have had this question posted for awhile with no response and wouldn't ya know it, I fix it and I get a response.
I ended up changing the 192.168.1.0 translation to Gateway Direct and the default to Gateway Translation and that seemed to fix the problem. Its VERY odd that the 192.168.1.0 translation was taking presidence no matter what, even externally, but only when using HTTPS. HTTP translated ok. I ended up getting it resolved by setting up a new Web Interface Site and trying every possible combination.
Ran a packet sniffer and all traffice was going over HTTS and TLS. Also opened the launch.ica and saw the address as being encrypted.
Thanks for the help though.
I ended up changing the 192.168.1.0 translation to Gateway Direct and the default to Gateway Translation and that seemed to fix the problem. Its VERY odd that the 192.168.1.0 translation was taking presidence no matter what, even externally, but only when using HTTPS. HTTP translated ok. I ended up getting it resolved by setting up a new Web Interface Site and trying every possible combination.
Ran a packet sniffer and all traffice was going over HTTS and TLS. Also opened the launch.ica and saw the address as being encrypted.
Thanks for the help though.
ASKER
I ended up fixing it before I received a response, but this answer was correct. THANKS!
C:\Inetpub\wwwroot\webinte
Edit this file, and make these changes and you should be set. All your changing is the address. This will redirect to https
<!--
WebInterface.htm
Copyright (c) 2000 - 2006 Citrix Systems, Inc. All Rights Reserved.
Web Interface 4.5.1.8215
-->
<script type="text/javascript">
<!--
window.location="https://YOURPORTAL.ADDRESSGOESHERE.com/Citrix/AccessPlatform";
// -->
</script>