06-14-2006 01:57 AM - edited 03-09-2019 03:14 PM
I am trying to find more info about using a Citrix farm through an ISR Web VPN.
I cannot find a lot of documentation about it or any example config.
My main question is: What is the user's experience like? Are they presented with a Java session only? Or can they use the Citrix ActiveX web client and have a normal Citrix session as if they were on the internal network? I do not want to deploy using the Web VPN client. Does it emulate a Citrix Access Gateway or Citrix Secure Gateway?
If anyone out there has any experience with this setup, please let me know.
Regards,
Scotty
06-20-2006 08:03 AM
To configure Web VPN, try the following steps:
1. Configure the basic parameters to define a group which will be used to connect to the concentrator.
2. Enable Citrix Metaframe access for that group under WebVPN.
3. Obtain an SSL certificate for the public interface to facilitate Web VPN users to connect.
4. If the Citrix Java Web Client is to be used, JVM version 1.4.2_06 or later must be installed on the client workstation. In addition, the root certificate must also be installed in the JVM root certificate store. All other ICA clients only require that the root certificate be installed in the browser.
5. Access Citrix-enabled terminal service resources through a clientless WebVPN session.
06-21-2006 09:12 PM
Thanks for the feedback, that helped. However, now I am trying to get it running.
I have set up an 1841 router with WebVPN, behind an 837 internet router. I have NATted through port 443.
I have a Citrix server inside and am publishing it through the WebVPN.
I can connect to the Web Interface but cannot launch applications. If I use the ActiveX component, nothing happens at all. If I use the Java client, I get an error "Error opening ICa file" "The address of an application server must be specified"
I have internally created certificates installed on the router and the root certificate installed as trusted in IE and Java.
There is an error logging on the 1841 each time I try to launch an application.
Jun 22 05:02:08.246: %TCP-2-INVALIDTCB: Invalid TCB pointer: 0x63A24534 -Process= "SSLVPN_PROCESS", ipl= 0, pid= 120 -Traceback= 0x60AD545C 0x61180F74 0x6117E9B8 0x61BBD2C4 0x61BBAB20 0x61BBB104 0x61BBEDD8 0x61BCDA0C
Here is the running config without the real names or IPs.
Thanks for any suggestions. I have spent ages on this so far.
-----------------------------
bob#s run
Building configuration...
Current configuration : 8679 bytes
!
!hostname bob
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
clock timezone NZST 12
clock summer-time NZDT recurring 1 Sun Oct 2:00 last Sun Mar 2:00
ip cef
!
!
!
!
ip domain name mytestwebvpn4.co.nz
ip name-server 10.73.220.4
!
!
crypto pki trustpoint TP-self-signed-117527664
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-117527664
revocation-check none
rsakeypair TP-self-signed-117527664
!
crypto pki trustpoint mytestwebvpn4.org.nz
enrollment terminal
serial-number
fqdn bob.mytestwebvpn4.co.nz
ip-address FastEthernet0/0
password
subject-name OU=MY_OU, CN=bob.mytestwebvpn4.co.nz, C=NZ
revocation-check crl
rsakeypair SDM-RSAKey-1150934803000
!
!
crypto pki certificate chain TP-self-signed-117527664
certificate self-signed 01
D8AC05A8 6B2F9945 3E
quit
crypto pki certificate chain mytestwebvpn4.org.nz
certificate 61C2A6A000000000000F
8C4E7AB
quit
certificate ca 2F2FAD22B439B28F4BDB0CF2978A5E85
DDEBC0 99175B8C FCD38DF6 E586759C
6C5FA52A B3F7DF
quit
!
!
interface FastEthernet0/0
ip address 192.168.193.222 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.73.220.248 255.255.255.0
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.193.1
!
!
ip http server
ip http secure-server
!
access-list 101 remark Outside access list inbound traffic
access-list 101 permit tcp any host 192.168.193.222 eq 443
access-list 101 deny ip any any log
!
!
!
!
scheduler allocate 20000 1000
!
webvpn gateway sample_1
ip address 192.168.193.222 port 443
ssl trustpoint mytestwebvpn4.org.nz
inservice
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
!
webvpn context test_1
title "Test Web VPN"
title-color #669999
secondary-color white
text-color black
ssl authenticate verify all
!
url-list "Printer"
heading "HTTP Printer"
url-text "HP Printer" url-value "http://10.73.220.38"
!
url-list "SDMCitrixServerList2"
heading "My Citrix farm"
url-text "server2" url-value "http://10.73.220.71/Citrix/MetaFrame/auth/login.aspx"
!
login-message "You must be authorised to access this network."
!
policy group NUTS01_RDP
url-list "Printer"
url-list "SDMCitrixServerList2"
hide-url-bar
citrix enabled
default-group-policy NUTS01_RDP
aaa authentication list default
gateway sample_1
inservice
!
end
bob#
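The checklist from the 06-20-2006 reply (SSL trustpoint on the gateway, a group with Citrix access enabled, a context bound to a gateway that is in service) can be checked mechanically against a saved running-config. The script below is an added example, not code from the thread or from Cisco; it assumes only the section and command keywords visible in the posted config, checks structure rather than diagnosing the launch error, and runs on a constructed sample.

```python
import re

HEADER = re.compile(r"^(crypto pki trustpoint|webvpn gateway|webvpn context) (\S+)")
TOP = re.compile(r"^(crypto|interface|webvpn|access-list|end)\b")

def parse(config):  # map (section kind, name) -> body lines; indentation is not relied on
    sections, body = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := HEADER.match(line):
            body = sections.setdefault(m.groups(), [])
        elif TOP.match(line):
            body = None  # some other top-level block starts here
        elif body is not None and line and not line.startswith("!"):
            body.append(line)
    return sections

def arg(body, keyword):  # first token after `keyword` in the body, else None
    return next((l[len(keyword):].split()[0] for l in body if l.startswith(keyword + " ")), None)

def check(config):
    s = parse(config)
    gateways = {n: b for (k, n), b in s.items() if k == "webvpn gateway"}
    findings = [f"gateway {n}: ssl trustpoint missing or undefined" for n, b in gateways.items()
                if ("crypto pki trustpoint", arg(b, "ssl trustpoint")) not in s]
    for (kind, name), body in s.items():
        if kind != "webvpn context" or "inservice" not in body:
            continue  # only contexts that are in service are checked
        if "inservice" not in gateways.get(arg(body, "gateway"), []):
            findings.append(f"context {name}: no in-service gateway")
        group, citrix = None, set()
        for l in body:  # attribute 'citrix enabled' to the policy group above it
            if l.startswith("policy group "):
                group = arg([l], "policy group")
            elif l == "citrix enabled" and group:
                citrix.add(group)
        if arg(body, "default-group-policy") not in citrix:
            findings.append(f"context {name}: default policy group lacks 'citrix enabled'")
    return findings

# Constructed sample with placeholder names; not the configuration posted in the thread.
SAMPLE = """crypto pki trustpoint tp-example
webvpn gateway gw_1
 ssl trustpoint tp-example
 inservice
webvpn context ctx_1
 policy group PG1
 default-group-policy PG1
 gateway gw_1
 inservice"""
```

Calling `check(SAMPLE)` returns one finding, because the sample's default policy group has no `citrix enabled` line; an empty list means all three structural checks passed.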