Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3617
Views
0
Helpful
6
Replies

Citrix XenApp through clientless ssl - WEBVPN

Rodrigo Gurriti
Level 3
Level 3

‎06-23-2011 06:10 PM - edited ‎02-21-2020 05:25 PM

Hello

I've just got my sslvpn configured and when I try to access the citrix inside my network over the webvpn it gets stuck loading.

Does anyone have any idea ? There is a pic attached

1 person had this problem
Labels:
Preview file
52 KB
0 Helpful
6 Replies 6

Nicolas Fournier
Cisco Employee
Cisco Employee

‎06-27-2011 07:07 AM

Hi Rodrigo,

Which ASA/XenApp versions are you running?

You might be hitting "CSCtg81514 Webvpn with Citrix - Xenapp upgrade from 11.2 to 12.0 breaks app access" if you are running an affected version on the ASA side.

More info on the bug:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg81514

Regards,

Nicolas

0 Helpful

Rodrigo Gurriti
Level 3
Level 3
In response to Nicolas Fournier

‎06-27-2011 10:55 AM

Thank you for your reply Nicolas,

But I don't think this is the cause. I have a test ASA 5505 running on 8.2 just fine. After i put the final solution (Active/Standby 5520 with lic for 200 users) it did not work.

My guess is the certificate, I'll take them of the failover and I'll run a local CA on the ASA for testing.

Thank you

0 Helpful

Rodrigo Gurriti
Level 3
Level 3
In response to Rodrigo Gurriti

‎06-28-2011 08:57 AM

I configured the Smart Tunnel  feature on the iNotes bookmark directly.   When the user clicks on the  bookmark, a connection will be made  through the client's browser to the  iNotes server using the ASA as a  proxy.  All traffic for the iNotes  session will be sent through the  tunnel thus bypassing the rewriter.

0 Helpful

Nicolas Fournier
Cisco Employee
Cisco Employee
In response to Rodrigo Gurriti

‎06-28-2011 09:04 AM

Hi Rodrigo,

Indeed, that is the "easy" way to solve this issue.

Citrix should normally work through the rewriter and without smart-tunnel but if you are satisfied with this solution, it should be fine

Regards,

Nicolas

0 Helpful

Rodrigo Gurriti
Level 3
Level 3
In response to Nicolas Fournier

‎06-28-2011 09:12 AM

I'd really like to work with out a ST, but that was the only way it worked.

Do you know any other way ?

0 Helpful

Nicolas Fournier
Cisco Employee
Cisco Employee
In response to Rodrigo Gurriti

‎06-28-2011 09:18 AM

Hi Rodrigo,

What I can tell you is that it should work without ST.

Now, to see what is really happening, we would need to collect config of the ASA, pcap and webvpn captures to see what is really happening between the ASA and your citrix server.

Since I guess you don't want to post this info on a public forum, I think that you should go ahead and have a TAC case opened to have this investigated if you really want it to work without ST.

Regards,

Nicolas

0 Helpful
Customers Also Viewed These Support Documents