443 access to Citrix and OWA

Posted on 2009-12-26
Last Modified: 2012-08-14
I have two separate servers. 1 is for Citrix which listens on port 443. It has its own certificate "" and I have an Exchange server listening on port 443 with its own certificate "". This was working great until a Citrix tech fixed a different problem for us. Now when you try to access "from the outside" the Citrix server using the mail server answers and gives an error because the certificate is for the Citrix server. I have the firewall configured with the following NAT:
ip nat inside source static tcp "exchange inside IP" 443 interface Ethernet1 443
ip nat inside source static tcp "citrix inside IP" interface Ethernet1
ip nat inside source static tcp "citrix inside IP" 443 "external router IP" 443 extendable
Is this correct?
Citrix Presentation Server 4.0 settings
DMZ = Gateway Direct
The Citrix secure gateway is listening on port 444 while IIS is listening on port 443.

Question by:cnmgt

    Author Comment

    I need to make a correction. We have 5 public IPs, so the NAT looks more like this:
    ip nat inside source static tcp "exchange inside IP" 443 443
    ip nat inside source static tcp "citrix inside IP"
    ip nat inside source static tcp "citrix inside IP" 443 443 extendable

    I have two A records points to points to

    Now, I've tried having both A records and the NAT extendable pointing to the interface Ethernet1 "

    LVL 34

    Expert Comment

    by:Istvan Kalmar
    Could you show us the:

    sh ip nat trans
    sh run
    LVL 11

    Expert Comment

    This should be pretty straightforward. Your Citrix server on the outside should be holding its own public IP and your OWA gets its own IP. If you are going to and getting your Exchange server, your public IPs are wrong or your NAT statement has changed, or somehow your internal IPs on your Exchange server and your Citrix server were switched.
    LVL 36

    Expert Comment

    by:Carl Webster
    On your CSG and OWA servers, use IE and go to .  Are the Public IPs being reported correct?

    Accepted Solution

    I configured the "ip nat inside source static tcp "citrix inside IP" 443 "second external router IP" 443 extendable" to my second public IP. My first public IP is my external on the firewall. Creating the "extendable" with the next public IP worked. I had to change my "A records" so that went to the public IP on the router and the to the extendable. Once it populated it worked. Thanks for your help.
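
A check for the condition the accepted solution resolves, where two static TCP NAT entries publish different inside hosts on the same public address and port. This is an added example, not part of the original thread; the addresses, the `Ethernet1` address mapping and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# ip nat inside source static {tcp|udp} <inside-ip> <inside-port>
#     {<global-ip> | interface <name>} <global-port> [extendable]
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\S+)) (\d+)(?: extendable)?\s*$"
)

def parse_static_nat(config, interface_ips):
    """Return (proto, global_ip, global_port, inside_ip, inside_port) tuples.
    interface_ips maps an interface name to its address, so an
    'interface Ethernet1' entry can be compared with a literal global IP."""
    entries = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue  # not a static port-forward statement
        proto, in_ip, in_port, ifname, g_ip, g_port = m.groups()
        if ifname:
            g_ip = interface_ips.get(ifname, "interface:" + ifname)
        entries.append((proto, g_ip, int(g_port), in_ip, int(in_port)))
    return entries

def find_conflicts(entries):
    """Map each public (proto, ip, port) claimed by more than one inside host."""
    by_global = defaultdict(set)
    for proto, g_ip, g_port, in_ip, in_port in entries:
        by_global[(proto, g_ip, g_port)].add((in_ip, in_port))
    return {k: sorted(v) for k, v in by_global.items() if len(v) > 1}

# Constructed sample data (RFC 5737 documentation addresses).
IFACE = {"Ethernet1": "203.0.113.1"}
BEFORE = """
ip nat inside source static tcp 192.168.1.10 443 interface Ethernet1 443
ip nat inside source static tcp 192.168.1.20 443 203.0.113.1 443 extendable
"""
AFTER = """
ip nat inside source static tcp 192.168.1.10 443 interface Ethernet1 443
ip nat inside source static tcp 192.168.1.20 443 203.0.113.2 443 extendable
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, find_conflicts(parse_static_nat(cfg, IFACE)))
```

Each public name's A record then has to point at the address whose 443 entry leads to the server holding that name's certificate.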
