[THIN] Re: WI3.0 behind ISA, baffled

  • From: "Jeff Pitsch" <jpitsch@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Tue, 2 Nov 2004 13:36:52 -0500

The altaddr address has to be the public address that the clients see.
Your passing the external clients a private address that can't be used
to connect over the internet.

>> I then add an entry for 10.1.0.0/0.0.255.255 =
>> NORMAL

Ok, excuse my ignorance, but why is your subnet mask reversed?  

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Tuesday, November 02, 2004 1:26 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

OK, the IP address is the Citrix's server IP, not ISA's external IP.
I'm not sure why.  I thought I did the AltAddr setup correct:

BTW - Citrix and WI are the SAME box.  This is strictly a evaluation
setup for senior management, so we went simple, 1 box for all.

1) ran altaddr /set 192.168.12.45 on citrix/wi box and rebooted
2) Went into WI NAT configured and specified the default to be the
alternate address.  I then add an entry for 10.1.0.0/0.0.255.255 =
NORMAL 

Doesn't that make it so unless I'm hitting WI from 10.1.0.0/16 the .ICA
file should have 192.168.12.45:1494 in it?


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Tuesday, November 02, 2004 1:15 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

Ok, let's test NAT then.  When you are at the application list in WI.
Right click on an icon and do a save as.  Open up the launch.ica and see
what IP address it is returning.  It should be the external address
(obviously)

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Tuesday, November 02, 2004 1:05 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

I have a protocol definition for TCP/1494 and server published using
that definition.  There is also a protocol definition for UDP/1604 and
server published, although I thought it wasn't necessary open that for
WI.  There is a web publishing element in place so you can actually hit
the WI website. 

I am noticing that the citrix-ica access-list in my PIX is not
increasing in hits at all. Only when I telnet to the external IP port
1494 does it increase.  

I disabled session reliability and rebooted, still no luck.


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Tuesday, November 02, 2004 12:49 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

When you setup the proxy rule for 1494 did you use a web publishing or
server publishing rule?  ICA traffic requires a Server publishing rule.

Also, there could be a possibility that Session reliability is not
failing over to 1494.  If session reliability is enabled on your farm
and you are not using it, then you can disable it at the farm.  If you
do use it or want to, you will need another Server publishing rule for
port 2598.

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Tuesday, November 02, 2004 12:30 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

MPS 3.0, ICA client is 8.1 Web Client.  Not sure what you mean by
forward or reverse proxy.  All my LAN side clients (including servers)
are SecureNAT clients for ISA, meaning their default gateway ends up
being one of ISA's private side Ips


 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Tuesday, November 02, 2004 12:22 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

What version of Metaframe are you using?  Is it version 3.0?

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Hutchinson, Alan
Sent: Tuesday, November 02, 2004 11:46 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

When you say

 "In all cases, I can hit the WI site and login, but when I try to
launch an app, it never connects to the Citrix server and launches.
It's got to be something basic, right?!?

What exactly do you mean? From this I assume you are getting a list of
published apps and it's when you try to launch one of these that you
have the problem? What exactly is the error message and how far throught
the connection stage are you getting? What client are you using?

Regards,

Alan.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Evan Mann
Sent: 02 November 2004 04:51
To: thin@xxxxxxxxxxxxx
Subject: [THIN] WI3.0 behind ISA, baffled


Ok, can't figure this one out, all the docs/articles I've found aren't
getting results.  Setup as follow)

Internet -> pix  -> ISA -> internal servers

Internet IP address I want to use for WI is 11.11.11.11.  The PIX has a
access-list to allow tcp citrix-ica and a static to map 11.11.11.11 to
192.168.10.45

192.168.10.45 is one of ISA's outside Ips

My WI box has an IP of 10.1.10.250

ISA has a protcol definition to allow TCP1494 and it maps it from
192.168.10.45 to 10.1.10.250 via server publishing.  
ISA also has web publishing for port 80 for the actual WI interface I
also even added a packet filter for 1494 as an extra effort.  

I set altaddr=192.168.10.45 and reboot citrix box, then I tried
altaddr=11.11.11.11 and rebooted Citrix.

In all cases, I can hit the WI site and login, but when I try to launch
an app, it never connects to the Citrix server and launches.  It's got
to be something basic, right?!?

There is some refence back for Nfuse in the template.ica to change
Address=IPV4_AddressAlternate instead of IPV4_Address default setting
but under WI3.0 the use of IPV4_Address is replaced ith
Nfuse_AppServerAddress, so I'm not sure if I need to use this or not.

In the WI3.0 Web page interface I set the default to alternate address
and specified a normal address of 10.1.0./0.0.255.255 for internal
clients.  The internal clients always work, just not the ones coming in
via PIX and ISA.

PS, I can telnet to 11.11.11.11 port 1494 and get ICA  ICA  ICA so I
know my PIX and ISA are letting me at port 1494.  It seems like some
kind of NAT issues on WI.
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm


********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology
Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts:

  1. Home
  2. thin
  3. Archive
  4. 11-2004