[THIN] Re: WI3.0 behind ISA, baffled

From: "Jeff Pitsch" <jpitsch@xxxxxxx>
To: <thin@xxxxxxxxxxxxx>
Date: Tue, 2 Nov 2004 16:41:47 -0500
No problem. That's what the list is for.

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Tuesday, November 02, 2004 4:27 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

Jeff you are genius!  That did it.  The correct specific setting was
10.1.0.10/255.255.255.255 however (since you are specifying a specif IP,
the mask is completed wth all 255's)

Evan

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Tuesday, November 02, 2004 3:18 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

Yeah, I should have put this in the original message.

Change your default address translation to NORMAL.

Create a specific setting for your proxy server, and we'll see what
happens.  So this would be 10.1.0.10/255.255.0.0 (right?) and it would
equal Alternate Address.

Oh and make sure your altaddr is set to the public address of the server
(the address exposed to the Internet).  The Metaframe server needs a
public IP address for this whole thing to work.

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Tuesday, November 02, 2004 3:10 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

Ok, that sounds good to me :/  Any idea of a work around, aside from
putting Citrix/WI outside of ISA?

Evan 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Tuesday, November 02, 2004 2:59 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

What I'm thinking is happening (if the changing proxy to auto doesn't
work), is the proxy is terminating and then recreating the IP packet and
in doing that, is passing the IP address for itself to the WI server.
That is why your launch.ica is returning the internal address all the
time.

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Tuesday, November 02, 2004 2:52 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

Keep in mind my ISA box is behind a PIX, so ISA's external IP's are
192.168.10.0/24.  There are many in use.  For the case of Citrix, I am
using 192.168.10.45. 

The PIX's internal IP is 192.168.10.1 and the external IP being used on
the PIX for Citrix you can consider to be 11.11.11.11.

ISA's internal IP Is 10.1.0.10.  Citrix/WI box is 10.1.10.250. 

I know that is clearly an issue of the way the .ICA files are being
advertised to users who are connectiong from a network other then
10.1.0.0/255.255.0.0 and not ISA/PIX blocking any form of access.




-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Tuesday, November 02, 2004 2:44 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

What is the IP address of your proxy?

Jeff Pitsch


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Evan Mann
Sent: Tuesday, November 02, 2004 2:12 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

Really nothing private in there:

# The UnrestrictedSessionFields property controls which session fields
can # be set by user supplied data. All session fields can be made
unrestricted # by commenting out this property.
UnrestrictedSessionFields=NFuse_Application,NFuse_AppCommandLine,NFuse_U
ser,NFuse_Domain,NFuse_Password,NFuse_LogonMode,NFuse_ClientName,NFuse_W
indowType,NFuse_WindowWidth,NFuse_WindowHeight,NFuse_WindowScale,NFuse_W
indowColors,NFuse_EncryptionLevel,NFuse_ICAAudioType,NFuse_SoundType,NFu
se_VideoType,NFuse_COMPortMapping,NFuse_ClientPrinting, NFuse_HostId,
NFuse_HostIdType, NFuse_SessionId, NFuse_Template
SessionFieldLocations=PNAgent,Script,Template,Properties,Url,Post,Cookie
Timeout=60
Version=3.0
AlternateAddress=Mapped
CacheExpireTime=3600
SessionField.NFuse_TicketTimeToLive=200
AllowCustomizeWinSize=On
AllowCustomizeWinColor=Off
AllowCustomizeAudio=Off
AllowCustomizeSettings=On
AddressResolutionType=IPv4-port
OtherClient=default
#OverrideClientInstallCaption=[Place your text here] Win32Client=Click
here to install the Citrix client&Citrix/ICAWEB/en/ica32/ica32t.exe
Win16Client=default
SolarisUnixClient=default
MacClient=default
SgiUnixClient=default
HpUxUnixClient=default
IbmAixClient=default
ScoUnixClient=default
Tru64Client=default
LinuxClient=default
LoginType=Default
#LoginDomains=[Place your domain here]
#RestrictDomains=Off
#HideDomainField=Off
#UPNSuffixes=[Place your UPN suffixes here] #NDSTreeName=[For NDS logins
place NDS Tree name here, and also change LoginType to NDS]
#SearchContextList=[NDS context1, NDS context2, ...]
AuthenticationMethods=Explicit
#ClientAddressMap=[clientAddress,AddressType,clientAddress,AddressType,.
..]
#ServerAddressMap=[normalAddress,translatedAddress,normalAddress,transla
tedAddress,...]
#InternalServerAddressMap=[normalAddress,translatedAddress,normalAddress
,translatedAddress,...]
#ClientProxy=[clientAddress,proxyType,proxyAddress,clientAddress,proxyTy
pe,proxyAddress,...]
EnableSTALoadBalancing=On
AllowUserPasswordChange=Always
AutoDeployWebClient=On
IcaWebClientVersion=8,0,24737,0
RdpWebClientVersion=5,2,3790
RdpWebClientClassID=7584c670-2274-4efb-b00b-d6aaba6d3850
IcaWebClient=wficat.cab
RdpWebClient=msrdp.cab
IcaWebClientClassID=238f6f83-b8b4-11cf-8771-00a024541ee3
ShowClientInstallCaption=Auto
RequestICAClientSecureChannel=Detect-AnyCiphers
LaunchClients=Ica-Local,Ica-Embedded,Ica-Java,Rdp-Embedded
LaunchMethod=Ica-Local
AllowCustomizeClients=Off
JavaClientPackages=SecureICA,PrinterMapping,ConfigUI
AllowCustomizeJavaClientPackages=Off
IgnoreClientProvidedClientAddress=Off
AdditionalExplicitAuthentication=None
SessionField.NFuse_Farm1=localhost,Name:Farm1,XMLPort:80,Transport:HTTP,
SSLRelayPort:443,BypassDuration:60,LoadBalance:On
EnableLegacyICAClientSupport=On
ReconnectAtLogin=DisconnectedAndActive
AllowCustomizeReconnectAtLogin=On
ReconnectButton=DisconnectedAndActive
AllowCustomizeReconnectButton=On
EnableLogoffApplications=On
AllowCustomizeLogoff=On
EnableWorkspaceControl=On
HideDomainField=On
LoginDomains=orlando1
ClientProxy=*,Client,-
ClientAddressMap=10.1.0.0/255.255.0.0,Normal,*,Alternate 

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jeff Pitsch
Sent: Tuesday, November 02, 2004 2:05 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI3.0 behind ISA, baffled

Would you be willing to post your webinterface.conf file?  Replacing any
private information obviously :)

Jeff Pitsch


********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference Join us at
ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode
use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology
Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This Weeks Sponsor Emergent Online ThinCity Conference
Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference
http://www.ThinCity.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
[THIN] Re: WI3.0 behind ISA, baffled

Other related posts:
