Trouble with access to Citrix farm behind ISA2004.
Posted on 2009-06-29
Network layout as follows:
Internet -> Citrix Secure Gateway -> SBS2003(ISA2004) -> Citrix Farm (LAN)
I have 2 Citrix PS4.5 servers behind ISA2004 with Web interface (WI) loaded on one of them. The STA is also loaded on same server as WI.
The Citrix Secure Gateway (CSG) has CA cert loaded and listens on port443 for users accessing via the internet. Users can access the WI fine and see all their publishid apps, but as soon as they launch an app, it comes up with SSL 29 error...port 1494.
My ISA2004 config seems to be the problem.
Ive created 2 server publishing rules to the CPS4.5 server hosting the WI (port 80) and STA (port81). That seems to be working fine, but my 1494 ICA traffic is not working well.
I created a server publishing rule for 1494 traffic to the same server, but ISA still blocks ICA traffic with the built-in ICA protocol, which is not even the protocol I selected for this rule. That means it's not even picking up the ICA published server rule. However, I can telnet that server on 1494.
Furthermore, these to citrix servers will load balance, so how do I get 1494 traffic traversing to these 2 servers behing ISA?
The 'Secure Client Access' settings on the Wi is set to 'Gateway Direct' and the FQDN & port is set to the same as that Secure Gateway.
Please help, I'm stuck here!
Thanks in advance.