08-20-2010 07:08 AM
Any folks out there using Citrix with WebVPN ?? I'm having a problem with what seems to be an ICA file rewrite. If an ICA file is sent to the client from the presentation server, all works just fine. If one of the apps we have writes the ICA file (which is dynamic), I cannot connect to the application and have to smart tunnel the citrix client to get this to work. Anyone seen this type of behavior?? I cannot seem to find any documentation about ASA and Citrix working together.
TIA,
M
08-20-2010 07:44 AM
Hi Max,
What is the ssl error that you are getting when trying to launchthe application without smart tunnel. The ASA just re-writes to the address(sslproxyhost), sslenable and ssl parameters in the ica file. Also what version of ASA would be helpful.
08-20-2010 07:50 AM
Sorry, I should have included the basics....
ASA 5520 8.3.(2)
We had the same results on 8.2.(2). I'm not really getting an error, but the ICA client just says it can't on
08-20-2010 07:57 AM
Could you just check up that particular ica file and check the address entry? and compare it with the ones which do work? If the end client is connecting to the ssl page and then to citrix server, they shouldn't directly connecting to port 1494 but rather to the port 443 of the ASAs outside fqdn.
08-20-2010 08:25 AM
I think I see the issue. As stated before, if coming from the presentation server of a published app, the ICA has the address as a long hash and below that it has
SSLProxyHosts=myasa.mydomain.com:443
SSLEnable=ON
On the ICA file that does not come from the presentation server, it has
Thanks again,
M
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide