The CSG can be used with as many Citrix servers as you want, using one single external IP for the CSG AND one port. If you setup rules like: External to DMZ, allows 443 from anywhere to CSG DMZ IP address. DMZ to Internal, allows 1494 from CSG DMZ IP address to MetaFrames internal IP addresses. Usually you end up using two external IPs, one for the webserver (ports 80 and 443) and one for the CSG (port 443) and as pointed, does not matter how many Citrix servers you have. -----Original Message----- From: Steve Greenberg [mailto:steveg@xxxxxxxxxxxxxx]=20 Sent: March 8, 2004 1:21 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Citrix Secure Gateway on trusted network ? Using NAT in various scenarios is common for CSG, there is no problem to have the outside DNS address NAT to CSG on an inside address. When you = =3D go the outside DNS name/ip it forwards to the inside address and works just fine. In fact, since the recommended solution is to have a true DMZ with =3D two firewalls, this is often done. The issue this won't address is if you have enough outside IP addresses. =3D If not, you can subdivide servers by assigning unique ports for each one on =3D a shared IP address. That can definitely work, but much more complicated = =3D to manage. Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd. suite D8453 Scottsdale, AZ 85262 (602) 432-8649 (602) 296-0411 fax=3D20 steveg@xxxxxxxxxxxxxx -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On = =3D Behalf Of Alex Marguth Sent: Monday, March 08, 2004 7:51 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Citrix Secure Gateway on trusted network ? Hi Jan, If you're mapping the public IP to the private one, you're still using = =3D an IP address so this may defeat the purpose for you. I believe that using the alternate address command from a dos prompt =3D will set the server to hand out the external IP which should resolve and certificate problems. _________________________________________ Alex Marguth AVM Technical Solutions, Inc. 503.799.3372 alex@xxxxxxxxxxxxxxxx -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On = =3D Behalf Of Jan Homan Sent: Monday, March 08, 2004 2:04 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Citrix Secure Gateway on trusted network ? Is it possible to have Citrix Secure Gateway on the trust network (local) or a DMZ zone which has NAT IP-adresses (e.g 10.10.10.x). We would map the public IP-address of the Secure Gateway either to the = =3D local IP-adress or to the IP-addres on the DMZ zone. We need to do this because we do not have enough public IP-addresses. The issue I can think of is that the Certificate for CSG will not work, because it is based on a public IP-adress en a FQD name. Meaning how do =3D you configure DNS (lookup) such that this work. Any comments/suggestions are very much appreciated. Jan ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application =3D management problems. http://www.triCerat.com=3D20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application =3D management problems. http://www.triCerat.com=3D20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm