No problem. That's what the list is for. Jeff Pitsch -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: Tuesday, November 02, 2004 4:27 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled Jeff you are genius! That did it. The correct specific setting was 10.1.0.10/255.255.255.255 however (since you are specifying a specif IP, the mask is completed wth all 255's) Evan -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Pitsch Sent: Tuesday, November 02, 2004 3:18 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled Yeah, I should have put this in the original message. Change your default address translation to NORMAL. Create a specific setting for your proxy server, and we'll see what happens. So this would be 10.1.0.10/255.255.0.0 (right?) and it would equal Alternate Address. Oh and make sure your altaddr is set to the public address of the server (the address exposed to the Internet). The Metaframe server needs a public IP address for this whole thing to work. Jeff Pitsch -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: Tuesday, November 02, 2004 3:10 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled Ok, that sounds good to me :/ Any idea of a work around, aside from putting Citrix/WI outside of ISA? Evan -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Pitsch Sent: Tuesday, November 02, 2004 2:59 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled What I'm thinking is happening (if the changing proxy to auto doesn't work), is the proxy is terminating and then recreating the IP packet and in doing that, is passing the IP address for itself to the WI server. That is why your launch.ica is returning the internal address all the time. Jeff Pitsch -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: Tuesday, November 02, 2004 2:52 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled Keep in mind my ISA box is behind a PIX, so ISA's external IP's are 192.168.10.0/24. There are many in use. For the case of Citrix, I am using 192.168.10.45. The PIX's internal IP is 192.168.10.1 and the external IP being used on the PIX for Citrix you can consider to be 11.11.11.11. ISA's internal IP Is 10.1.0.10. Citrix/WI box is 10.1.10.250. I know that is clearly an issue of the way the .ICA files are being advertised to users who are connectiong from a network other then 10.1.0.0/255.255.0.0 and not ISA/PIX blocking any form of access. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Pitsch Sent: Tuesday, November 02, 2004 2:44 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled What is the IP address of your proxy? Jeff Pitsch -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann Sent: Tuesday, November 02, 2004 2:12 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled Really nothing private in there: # The UnrestrictedSessionFields property controls which session fields can # be set by user supplied data. All session fields can be made unrestricted # by commenting out this property. UnrestrictedSessionFields=NFuse_Application,NFuse_AppCommandLine,NFuse_U ser,NFuse_Domain,NFuse_Password,NFuse_LogonMode,NFuse_ClientName,NFuse_W indowType,NFuse_WindowWidth,NFuse_WindowHeight,NFuse_WindowScale,NFuse_W indowColors,NFuse_EncryptionLevel,NFuse_ICAAudioType,NFuse_SoundType,NFu se_VideoType,NFuse_COMPortMapping,NFuse_ClientPrinting, NFuse_HostId, NFuse_HostIdType, NFuse_SessionId, NFuse_Template SessionFieldLocations=PNAgent,Script,Template,Properties,Url,Post,Cookie Timeout=60 Version=3.0 AlternateAddress=Mapped CacheExpireTime=3600 SessionField.NFuse_TicketTimeToLive=200 AllowCustomizeWinSize=On AllowCustomizeWinColor=Off AllowCustomizeAudio=Off AllowCustomizeSettings=On AddressResolutionType=IPv4-port OtherClient=default #OverrideClientInstallCaption=[Place your text here] Win32Client=Click here to install the Citrix client&Citrix/ICAWEB/en/ica32/ica32t.exe Win16Client=default SolarisUnixClient=default MacClient=default SgiUnixClient=default HpUxUnixClient=default IbmAixClient=default ScoUnixClient=default Tru64Client=default LinuxClient=default LoginType=Default #LoginDomains=[Place your domain here] #RestrictDomains=Off #HideDomainField=Off #UPNSuffixes=[Place your UPN suffixes here] #NDSTreeName=[For NDS logins place NDS Tree name here, and also change LoginType to NDS] #SearchContextList=[NDS context1, NDS context2, ...] AuthenticationMethods=Explicit #ClientAddressMap=[clientAddress,AddressType,clientAddress,AddressType,. ..] #ServerAddressMap=[normalAddress,translatedAddress,normalAddress,transla tedAddress,...] #InternalServerAddressMap=[normalAddress,translatedAddress,normalAddress ,translatedAddress,...] #ClientProxy=[clientAddress,proxyType,proxyAddress,clientAddress,proxyTy pe,proxyAddress,...] EnableSTALoadBalancing=On AllowUserPasswordChange=Always AutoDeployWebClient=On IcaWebClientVersion=8,0,24737,0 RdpWebClientVersion=5,2,3790 RdpWebClientClassID=7584c670-2274-4efb-b00b-d6aaba6d3850 IcaWebClient=wficat.cab RdpWebClient=msrdp.cab IcaWebClientClassID=238f6f83-b8b4-11cf-8771-00a024541ee3 ShowClientInstallCaption=Auto RequestICAClientSecureChannel=Detect-AnyCiphers LaunchClients=Ica-Local,Ica-Embedded,Ica-Java,Rdp-Embedded LaunchMethod=Ica-Local AllowCustomizeClients=Off JavaClientPackages=SecureICA,PrinterMapping,ConfigUI AllowCustomizeJavaClientPackages=Off IgnoreClientProvidedClientAddress=Off AdditionalExplicitAuthentication=None SessionField.NFuse_Farm1=localhost,Name:Farm1,XMLPort:80,Transport:HTTP, SSLRelayPort:443,BypassDuration:60,LoadBalance:On EnableLegacyICAClientSupport=On ReconnectAtLogin=DisconnectedAndActive AllowCustomizeReconnectAtLogin=On ReconnectButton=DisconnectedAndActive AllowCustomizeReconnectButton=On EnableLogoffApplications=On AllowCustomizeLogoff=On EnableWorkspaceControl=On HideDomainField=On LoginDomains=orlando1 ClientProxy=*,Client,- ClientAddressMap=10.1.0.0/255.255.0.0,Normal,*,Alternate -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jeff Pitsch Sent: Tuesday, November 02, 2004 2:05 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: WI3.0 behind ISA, baffled Would you be willing to post your webinterface.conf file? Replacing any private information obviously :) Jeff Pitsch ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This Weeks Sponsor Emergent Online ThinCity Conference Join us at ThinCity 2004: The 1st Annual Emergent OnLine Technology Conference http://www.ThinCity.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm