[THIN] KB: CTX039746 - IMA and ICA Browsing With Firewall Address Translation (NAT)

CTX039746 - IMA and ICA Browsing With Firewall Address Translation (NAT)

This document was published at:
http://support.citrix.com/kb/entry.jspa?externalID=CTX039746


Document ID: CTX039746, Created on: May 17, 2000, Updated: Sep 16, 2004

Products: Citrix MetaFrame 1.8 for Microsoft NT 4.0 Server Terminal Server
Edition, Citrix MetaFrame 1.8 for Microsoft Windows 2000, Citrix MetaFrame
XP 1.0 for Microsoft Windows 2000, Citrix MetaFrame XP 1.0 for Microsoft NT
4.0 Server Terminal Server Edition, Citrix MetaFrame XP 1.0 for Microsoft
Windows 2003, Web Interface for MetaFrame Presentation Server 3.0, Web
Interface 2.0, Citrix MetaFrame Presentation Server 3.0 for Microsoft
Windows 2003, Citrix MetaFrame Presentation Server 3.0 for Microsoft Windows
2000

How to Configure the Citrix Server and Client for Address Translation

Part I:

When the Citrix ICA Client?s server location Firewall Button checkbox for
Use alternate address for firewall connection is configured, the client
requests the alternate/external address when contacting servers inside the
firewall. This checkbox instructs the server to send the alternate address,
specified with the Altaddr utility, to the client.

1. Open the Program Neighborhood Client. From the Application Set Settings
or Custom ICA connection Properties?.

2. Select the Connection Tab

3. Navigate to the Server Location Section

4. Under Network Protocol choose TCP/IP or TCP/IP+HTTP

5. Under Address List enter the alternate IP address of the server and, if
needed, the XML port of the MetaFrame Server.

6. Check the box for Use alternate address for firewall connection

Part II:

Note: When the second interface of a multi-homed server is configured for an
external address per Multihomed Computers and IMA and ICA Browser, the usage
of Altaddr and configuration of the client firewall checkbox described in
Part I are not needed.

Use the command line Altaddr utility to configure the IMA and ICA Browser
services to return the alternate/external IP address to Citrix ICA Clients.
The external address for the server is specified as the alternate address.

When using the full Program Neighborhood Client, an alternate address must
be specified for each server in a server farm.

Please refer to the NFuse/Web Interface documentation, currently page 76 in
the Web Interface Administrator?s Guide, for a feature known as Port Address
Translation.

Note: The Port Address Translation feature can only be configured with
NFuse/Web Interface.

Configuring NFuse/Web Interface for Use with Network Address Translation
(NAT)

Setting an alternate address for a Citrix server

C:\Documents and Settings\Administrator>altaddr /?

ALTADDR [/SERVER: servername] [/SET AlternateAddress] /V

ALTADDR [/SERVER: servername] [/SET AdapterAddress AlternateAddress] /V

ALTADDR [/SERVER: servername] [/DELETE [AdapterAddress]] /V

Query or set alternate network addresses for an application server The
alternate address is an external address known to clients outside a
firewall.

Options:

[/SERVER:name] - configure the specified server

[/SET] - set alternate TCP/IP addresses

[/DELETE [adapteraddress]] - delete the default or specified adapter address

[/V] - verbose display mode

[/?] - display help message

When setting alternate addresses, specify a single IP address to indicate
the alternate IP address used by default for all adapters on the system, or
specify a pair of IP addresses that indicate a particular local IP address
and its corresponding alternate address.

1. Determine the correct external IP address.

2. At a command prompt, type altaddr /set nnn.nnn.nnn.nnn, where nnn is the
alternate IP address determined in Step 1.

3. Reboot.

4. Repeat on each server in a server farm.

See Appendix A, "MetaFrame Command Reference," in the MetaFrame
Administrators Guide for more information on the Altaddr utility.

********************************************************
This Weeks Sponsor triCerat:
Have you had your fill of printing support calls, unauthorized apps running on 
unsecured Terminal Servers, profile headaches, and application performance 
problems? Join us and learn how you can have a less demanding on-demand 
enterprise!
http://www.tricerat.com/?page=events#register 
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

  • » [THIN] KB: CTX039746 - IMA and ICA Browsing With Firewall Address Translation (NAT)