cnmgt

asked on

443 access to Citrix and OWA

I have two separate servers. One is for Citrix, which listens on port 443. It has its own certificate, "citrix.domain.com", and I have an Exchange server listening on port 443 with its own certificate, "mail.domain.com". This was working great until a Citrix tech fixed a different problem for us. Now when you try to access the Citrix server "from the outside" using citrix.domain.com, the mail server answers and gives an error because the certificate is for the Citrix server. I have the firewall configured with the following NAT:
ip nat inside source static tcp "exchange inside IP" 443 interface Ethernet1 443
ip nat inside source static tcp "citrix inside IP" interface Ethernet1
ip nat inside source static tcp "citrix inside IP" 443 "external router IP" 443 extendable
Is this correct?
Citrix Presentation Server 4.0 settings
DMZ = Gateway Direct
The Citrix secure gateway is listening on port 444 while IIS is listening on port 443.



cnmgt

ASKER

I need to make a correction. We have 5 public IPs, so the NAT looks more like this:
ip nat inside source static tcp "exchange inside IP" 443 xxx.xxx.xxx.1 443
ip nat inside source static tcp "citrix inside IP" xxx.xxx.xxx.1
ip nat inside source static tcp "citrix inside IP" 443 xxx.xxx.xxx.2 443 extendable

I have two A records:
mail.domain.com points to xxx.xxx.xxx.1
citrix.domain.com points to xxx.xxx.xxx.2

Now, I've tried having both A records and the NAT extendable pointing to the interface Ethernet1 "xxx.xxx.xxx.1"

Istvan Kalmar
Could you show us the:

sh ip nat trans
sh run
AdamBNYC

This should be pretty straightforward. Your Citrix server on the outside should be holding its own public IP and your OWA gets its own IP. If you are going to citrix.mycompany.com and getting your Exchange server, your public IPs are wrong or your NAT statement has changed, or somehow your internal IPs on your Exchange server and your Citrix server were switched.
On your CSG and OWA servers, use IE and go to http://www.whatismyip.com. Are the public IPs being reported correct?
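Added example, not written by anyone in this thread: a small offline audit of `ip nat inside source static tcp` lines that checks each hostname's public IP forwards port 443 to the server that holds its certificate. The 10.0.0.x and 203.0.113.x addresses are constructed stand-ins for the placeholders in the question, and the `EXPECTED` table is an assumed description of the intended layout.

```python
import re

# Constructed sample: documentation addresses stand in for the thread's
# placeholders ("exchange inside IP", "citrix inside IP", xxx.xxx.xxx.1/.2).
SAMPLE_CONFIG = """\
ip nat inside source static tcp 10.0.0.10 443 203.0.113.1 443
ip nat inside source static tcp 10.0.0.20 203.0.113.1
ip nat inside source static tcp 10.0.0.20 443 203.0.113.2 443 extendable
"""
# Assumed intent: hostname -> (public A record, inside server holding its cert)
EXPECTED = {
    "mail.domain.com": ("203.0.113.1", "10.0.0.10"),
    "citrix.domain.com": ("203.0.113.2", "10.0.0.20"),
}
NAT_RE = re.compile(
    r"^ip nat inside source static tcp (\S+) (\d+) "
    r"(interface \S+|\S+) (\d+)( extendable)?$")

def parse_nat(config):
    """Return (forwards, unparsed); forwards maps (outside, port) -> [inside IPs]."""
    forwards, unparsed = {}, []
    for line in config.splitlines():
        line = " ".join(line.split())
        if not line.startswith("ip nat inside source static tcp"):
            continue
        m = NAT_RE.match(line)
        if not m:  # not in "local-ip local-port global global-port" form
            unparsed.append(line)
            continue
        inside, _in_port, outside, out_port, _ext = m.groups()
        forwards.setdefault((outside, int(out_port)), []).append(inside)
    return forwards, unparsed

def audit(config, expected, port=443):
    """List entries that do not parse, shared outside ports, and wrong targets."""
    forwards, unparsed = parse_nat(config)
    findings = [f"unparsed static tcp entry: {line}" for line in unparsed]
    for (outside, p), insides in forwards.items():
        if len(set(insides)) > 1:
            findings.append(f"{outside}:{p} forwarded to several hosts: {sorted(set(insides))}")
    for host, (public_ip, want) in expected.items():
        got = forwards.get((public_ip, port), [])
        if want not in got:
            findings.append(f"{host} -> {public_ip}:{port} reaches {got or 'nothing'}, expected {want}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, EXPECTED):
        print(finding)
```

Paste the relevant lines of `sh run` into `SAMPLE_CONFIG` and adjust `EXPECTED` to the real A records and inside addresses before relying on the output.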
ASKER CERTIFIED SOLUTION
cnmgt