[THIN] Re: netscalers and smartcards (CAC) - who's using them?
- From: "Steve Snyder" <kwajalein@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Fri, 9 Jan 2009 08:06:38 +1200
from the client it's a SSL VPN to the NS through the FW, the NS sits
entirely in the DMZ, external FW allows 443 through and is doing NAT. From
the DMZ to the inside (where the WI and citirix farm is) we allow 1494,
3010, 443, 80, 22, 53 & 2598. The client PC can use PN to get to the farm
and launch apps with smart card auth, so it's just the WI that's not
cooperating.
We're trying to use the WI has the default web page that the NS presents to
the user.
On Thu, Jan 8, 2009 at 3:26 PM, Steve Greenberg <steveg@xxxxxxxxxxxxxx>wrote:
> How is it configured exactly? Is it a pure VPN connection and not an ICA
> proxy? I.e. does the client have a tunnel to the WI box directly? If so,
> have you opened the ports need for the smart card software?? ( I have no
> idea what they would be)
>
>
>
>
>
> *Steve Greenberg*
>
> Thin Client Computing
>
> 34522 N. Scottsdale Rd D8453
>
> Scottsdale, AZ 85266
>
> *(602) 432-8649*
>
> www.thinclient.net
>
> *steveg@xxxxxxxxxxxxxx*
>
>
> ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Steve Snyder
> *Sent:* Wednesday, January 07, 2009 5:40 PM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] netscalers and smartcards (CAC) - who's using them?
>
>
>
> and what did you have to do to get the WI to come up properly?
>
> We're trialing a NS 8.1 in our DMZ - the VPN tunnel connects and it starts
> to load the WI site but the smartcard (CAC) authentication just doesn't fly.
> Citrix is scratching their heads.
>
Other related posts:
