cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3077
Views
0
Helpful
6
Replies

Citrix XenApp through clientless ssl - WEBVPN

Rodrigo Gurriti
Participant
Participant

Hello

I've just got my sslvpn configured and when I try to access the citrix inside my network over the webvpn it gets stuck loading.

Does anyone have any idea ? There is a pic attached

6 Replies 6

Nicolas Fournier
Cisco Employee
Cisco Employee

Hi Rodrigo,

Which ASA/XenApp versions are you running?

You might be hitting "CSCtg81514 Webvpn with Citrix - Xenapp upgrade from 11.2 to 12.0 breaks app access" if you are running an affected version on the ASA side.

More info on the bug:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg81514

Regards,

Nicolas

Thank you for your reply Nicolas,

But I don't think this is the cause. I have a test ASA 5505 running on 8.2 just fine. After i put the final solution (Active/Standby 5520 with lic for 200 users) it did not work.

My guess is the certificate, I'll take them of the failover and I'll run a local CA on the ASA for testing.

Thank you

I configured the Smart Tunnel  feature on the iNotes bookmark directly.   When the user clicks on the  bookmark, a connection will be made  through the client's browser to the  iNotes server using the ASA as a  proxy.  All traffic for the iNotes  session will be sent through the  tunnel thus bypassing the rewriter.

Hi Rodrigo,

Indeed, that is the "easy" way to solve this issue.

Citrix should normally work through the rewriter and without smart-tunnel but if you are satisfied with this solution, it should be fine

Regards,

Nicolas

I'd really like to work with out a ST, but that was the only way it worked.

Do you know any other way ?

Hi Rodrigo,

What I can tell you is that it should work without ST.

Now, to see what is really happening, we would need to collect config of the ASA, pcap and webvpn captures to see what is really happening between the ASA and your citrix server.

Since I guess you don't want to post this info on a public forum, I think that you should go ahead and have a TAC case opened to have this investigated if you really want it to work without ST.

Regards,

Nicolas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers