ASA DMZ, VMware Security server, guest access

joeclarktx · ‎02-24-2013

I have a setup where we have a VMware View Security sitting in a DMZ that is paired with a Connection Server on the Inside. The connection works fine internally and externally. What I am running into is that I have a Guest wireless setup on another DMZ that is a lower security level than the VMware DMZ. When my users go to connect, they get prompted for their password, but when it goes to connect, they just get a black screen that looks to be logging them into the VMware view session, but the window ends up closing after about 10 seconds

I think this has something to do with the security level, the fact that the security servers present an outside address to connect to, or I need to use the same-security level and run same-security-traffic

Does anyone have experience with this? Or at least point me in the right direction?

Thank You

Jennifer Halim · ‎02-24-2013

The fact that the user gets prompted for the password and it does connect, means that there is no issue with the security level on the ASA. If there is issue, the ASA won't even allow the actual connection.

What ip address did you connect to the VM with? the DMZ ip address? Can you share the ASA configuration?

joeclarktx · ‎03-26-2013

I will try to post the parts of the config for VMware.

MooreIT01 · ‎02-25-2013

I assume you're using PCoIP and not RDP right? If so you need TCP 443,4172, and UDP 4172 open between those servers (TCP 3389 for RDP). When I've seen the black screen before it was due to one of these not being open probably one of the PCoIP specific ports since you're getting through on the authentication piece. Packet Trace on those ports between interfaces perhaps and see where it breaks down?

joeclarktx · ‎03-26-2013

All those ports seem to be fine as the connection works from the outside. I will go back through it.