[THIN] Re: Remind me...

• From: <peter_dibbens@xxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Thu, 11 Oct 2007 08:23:40 +1000

HI
To Configure AG-EE as a CSG and enable Smart Access features with
Pass-through authentication to WI you need to:

Ensure you are using WI 4.2 or greater
From the AM Console Drill down to Manage Access method and select Using
Advanced Access Control URL on your WI site 
In the URL enter
https://yourfqdn-of-the-accessgateway/CitrixAuthService.asmx you should be
using a secure connection hence https what I normally do here is add an
entry in the host file of the WI box to resolve the fqdn to the internal
address of the AG-EE device
Configure translations etc as required in the WI (also if you are using the
appliance in a 2 armed mode I recommend that you create a separate vServer
to use for this url using the internal leg of the appliance and point WI to
this Let me know if you need more information on this)
On the AG-EE device (using build 48.5)configure the ICA Proxy settings in
your session policy or globally (your preference)
Make sure you have enabled the SSL VPN feature
Enter the URL to the WI site i.e.
https://fqdn-of-WI/Citrix/Externalsite/auth/login.aspx
Make sure you have specified the STA URL for the AG-EE device either
globally or vServer your preference.

FYI the above is not available if you are trying to launch a VPN (this may
be rectified in 8.1 not sure) If you are using an SSL VPN you have other
options as I explained in an earlier post.

Hope this helps 

Pete










-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Carl Stalhood
Sent: Thursday, 11 October 2007 4:41 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Remind me...

AAC is not the correct term for Access Gateway Enterprise.

In Access Gateway Advanced AAC is a piece of software that is installed on a
Windows server.

The feature you are thinking of is SmartAccess.

On the Access Gateway Enterprise you can create two SSL VPN virtual servers:
one goes to Web Interface and the other is VPN.

The most recent release of Access Gateway Enterprise software adds a new
feature where if the SmartAccess End Point Analysis scans fail then the user
can fallback to Web Interface instead of simply being denied access to the
VPN virtual server. This feature allows you to put both VPN and Web
Interface on the same SSL VPN virtual server.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Chad.M Schneider
Sent: Wednesday, October 10, 2007 11:44 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Remind me...

Correct.

That is the plan.

One connection direct to WI, using AAC.

The other to be used a a full VPN, using AAC.

The plan is to configure the AAC to do an endpoint check for a
particular item.

>>> steveg@xxxxxxxxxxxxxx 10/10/2007 11:59 AM >>>

Are you configuring this as an SSL VPN option? That is the subset that
supports what you want to do here...

 
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85262
(602) 432-8649
www.thinclient.net 
steveg@xxxxxxxxxxxxxx 
 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Chad.M Schneider
Sent: Tuesday, October 09, 2007 5:25 PM
To: thin@xxxxxxxxxxxxx 
Subject: [THIN] Re: Remind me...

It worked fine on an AG 4.5.

Why would it not work on here.  THs dang thing is sold as a basic AG
with extra features.  90% of the features I have no interest in.  If
it
can't do basic AG to WI pass through, while allowing true pass through
(which the samll, cheaper, basic AG 4.5 will do, what is the point?

They have an old AG (red face plate) but currently it is not
functional.
 May need a reload.

Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
>>> peter_dibbens@xxxxxxxxxxx 10/09/07 5:33 PM >>>
I believe this is not currently supported on AG-EE this gives you 2
options
Use smart Access for Web Interface (ICA PROXY)
Using an SSL VPN and domain membership configure WI for pass through

Hope this helps Pete


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
Of Chad.M Schneider
Sent: Wednesday, 10 October 2007 8:20 AM
To: thin@xxxxxxxxxxxxx 
Subject: [THIN] Re: Remind me...

Kerberos is not enabled on WI.

Chad Schneider
Systems Engineer
ThedaCare IT
920-735-7615
>>> tsguy92@xxxxxxxxx 10/09/07 4:48 PM >>>
Last I recall of a similarish discussion on thethin, kerberos auth
enabled
on the WI was the issue.

HTH

Lan

On 10/9/07, Chad.M Schneider <Chad.M.Schneider@xxxxxxxxxxxxx> wrote:
>
> Configuring AG (Ent. 8.0) to pass credentials though to WI 4.5.
>
> That seems to work, but when I launch the applicaitons, they prompt
me
> for Windows credentials.
>
> I know This was resolved in the past, but can't find the resolution.
>
> Help is appreciated.
>
>
>
> Chad Schneider
> Systems Engineer
> ThedaCare IT
> 920-735-7615
> ************************************************
> For Archives, RSS, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link:
> //www.freelists.org/list/thin 
> ************************************************
>

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin 
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin 
************************************************


************************************************
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin 
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin 
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************

************************************************
For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
************************************************

• References:
  • [THIN] Re: Remind me...
    • From: Chad.M Schneider
  • [THIN] Re: Remind me...
    • From: Carl Stalhood

Other related posts:

• » [THIN] Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Re: Remind me...
• » [THIN] Remind me...- Chad Schneider (IT)

1. Home
2. thin
3. Archive
4. 10-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---