Tony, In the SAM pilot we have the CSG and the logon agent server in the DMZ. We have three other servers on the production side 1 as an agent server, state server, and SQL. The 2nd is a web server and agent server. The last is just a ticketing server. We have ensured that FQN can be resolved. Do you think the Alias command could be messing things up? Whats interesting is we are CSG 2.0 in production for our remotes sites with the same ticketing server all is well. Both point to the same farm. Arthur -----Original Message----- From: Tony Lyne [mailto:Tony.Lyne@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, November 05, 2003 3:29 PM To: Tastet, Arthur Subject: RE: [THIN] Re: Help With Secure Access Manager OK, So where is your CSG server located. On the DMZ? A couple of things youll need to check. Make sure the CSG server can resolve the FQN of the Citrix servers internally and the addresses are not NAT'ed (I had issues when NAT was used between the Internal and DMZ interfaces) CSG didn't like it. Ensure the FQN of the access center is also accessable via the same means. PIX is a stateful inspection firewall so there should be less issues with the NAT side of things as compared to a layer 7 FW like Borderware. Let me know if this is of any help and if you need more info. Tony Lyne Senior Systems Engineer Computerland Central P O Box 1470 PALMERSTON NORTH Telephone (+64) 06 3537300 Facsimile (+64) 06 3566800 Mobile (+64) 0274 720696 E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx Internet http://www.computerland.co.nz CAUTION: This e-mail message and accompanying data may contain information that is confidential and subject to privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this e-mail in error, please notify me immediately and delete all material pertaining to this e-mail. Thank you. -----Original Message----- From: Tastet, Arthur [mailto:ARTHUR.TASTET@xxxxxxxxxxxxx] Sent: Thursday, 6 November 2003 9:17 a.m. To: Tony Lyne Subject: RE: [THIN] Re: Help With Secure Access Manager Tony, We use a Cisco Pix 515 on our firewall. We use alias command which translate all DNS calls. Arthur Tastet Moses Cone Health System -----Original Message----- From: Tony Lyne [mailto:Tony.Lyne@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, November 05, 2003 2:59 PM To: ARTHUR.TASTET@xxxxxxxxxxxxx Subject: FW: [THIN] Re: Help With Secure Access Manager Did you get this reply to your email? ------------------------------------------------------------------ Arthur, What is the firewall you are using, and what kind of certificates are you using. I had issues initially setting up the CSG/MSAM integration side of things as well. As the clients firewall was a Layer 7 (Borderware firewall server, very nice firewall I must add) so we had to do a few things on the firewall to get it working reliably. Tony Lyne Senior Systems Engineer Computerland Central P O Box 1470 PALMERSTON NORTH Telephone (+64) 06 3537300 Facsimile (+64) 06 3566800 Mobile (+64) 0274 720696 E-mail Tony.Lyne@xxxxxxxxxxxxxxxxxx Internet http://www.computerland.co.nz CAUTION: This e-mail message and accompanying data may contain information that is confidential and subject to privilege. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. If you have received this e-mail in error, please notify me immediately and delete all material pertaining to this e-mail. Thank you. -----Original Message----- From: Tastet, Arthur [mailto:ARTHUR.TASTET@xxxxxxxxxxxxx] Sent: Wednesday, 5 November 2003 4:46 a.m. To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Help With Secure Access Manager We are evaluating Secure Access Manager in a pilot for both internal and external use. We are having problems with the proxy function of mSAM and wanted to know if anybody is using it for both internal and external use for web and ica traffic? If so, are you having any issues? In short, it works for a short amount of time externally and then stops working. ICA traffic stops being sent through the secure gateway and wants to start going direct to the Citrix servers. This seems odd since this is the core functionality of the mSAM product (secure, remote access to internal network resources). We are doing network address translation in our DMZ. We are wondering if it may be configuration issue, but we are unable to identify the problem. Does anybody have any insight into what could be the problem? Thanks, Arthur Tastet Moses Cone Health System (336) 832-7722 Moses Cone Health System Greensboro, North Carolina 27401 ******************************************************** This Weeks Sponsor Pearl Software Internet Monitoring, Filtering, and Control Solutions Enabling User & Group Level Oversight & Access Policies Fully Functional in a Thick or Thin Client Environment http://www.pearlsw.com ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm New! Online Thin Computing Magazine Site http://www.OnDemandAccess.com For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=147 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm New! Online Thin Computing Magazine Site http://www.OnDemandAccess.com For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm Moses Cone Health System Greensboro, North Carolina 27401 Moses Cone Health System Greensboro, North Carolina 27401 ******************************************************** This Week's Sponsor - RTO Software / TScale What's keeping you from getting more from your terminal servers? Did you know, in most cases, CPU Utilization IS NOT the single biggest constraint to scaling up?! Get this free white paper to understand the real constraints & how to overcome them. SAVE MONEY by scaling-up rather than buying more servers. http://www.rtosoft.com/Enter.asp?ID=147 ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm New! Online Thin Computing Magazine Site http://www.OnDemandAccess.com For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm