Thank you for your reply Nicolas,

But I don't think this is the cause. I have a test ASA 5505 running on 8.2 just fine. After i put the final solution (Active/Standby 5520 with lic for 200 users) it did not work.

My guess is the certificate, I'll take them of the failover and I'll run a local CA on the ASA for testing.

Thank you

I configured the Smart Tunnel  feature on the iNotes bookmark directly.   When the user clicks on the  bookmark, a connection will be made  through the client's browser to the  iNotes server using the ASA as a  proxy.  All traffic for the iNotes  session will be sent through the  tunnel thus bypassing the rewriter.

Hi Rodrigo,

Indeed, that is the "easy" way to solve this issue.

Citrix should normally work through the rewriter and without smart-tunnel but if you are satisfied with this solution, it should be fine

Regards,

Nicolas

I'd really like to work with out a ST, but that was the only way it worked.

Do you know any other way ?

Hi Rodrigo,

What I can tell you is that it should work without ST.

Now, to see what is really happening, we would need to collect config of the ASA, pcap and webvpn captures to see what is really happening between the ASA and your citrix server.

Since I guess you don't want to post this info on a public forum, I think that you should go ahead and have a TAC case opened to have this investigated if you really want it to work without ST.

Regards,

Nicolas