
Cannot Log On to Citrix Presentation Server Through New Cisco Firewall

Status
Not open for further replies.

andyshriver

Technical User
Dec 25, 2004
75
US
We run a Citrix PS4.0 on a WinAdvSvr2KSP4 box, and have had very few problems over the past 5-6 years. In the wake of Hurricane Irene, our SonicWALL Pro-200 firewall appliance died. We bought a Cisco RVS4000 Small Business Firewall/Router, which I installed with no problem. In the course of testing all connectivity scenarios, I realized that I could not connect to the Citrix server. Because the SonicWALL appliance had been configured prior to my arrival here as IT lead, I foolishly assumed that the firewall settings, particularly port and rules settings for the Citrix server, had been documented. Borrowing a page from MS-ISA, logging into the Cisco RVS4000 interface, I selected the Firewall tab and went to the IP-Based ACL sub-tab, clicked the Service Management button and created a custom service called Citrix ICA TCP, selected TCP for the service type, entered 443 for starting and ending ports and then saved my changes. Returning to the Edit IP ACL Rule page, I selected the following:
Action: Allow
Service: Citrix ICA TCP
Log: (Check Box checked)
Log Prefix: ICA
Source Interface: ANY
Source IP: ANY
Destination IP: Single - 192.168.(internal IP for Citrix box)
Scheduling: Everyday - 24 Hours
So far, no joy. Nothing inside of the firewall has changed particularly in terms of the Citrix server's settings. I am very frustrated, as are the multiple remote users who are dead in the water until I get this thing properly configured! I would greatly appreciate anyone's input on this matter.

Please help!!
 
I cannot seem to delete the last post, as much as I wish I could. The answer was embarrassingly simple. Because the dead firewall was also a DHCP server, I enabled the DHCP server service on our DC. Because DNS server info is forwarded dynamically, I pointed the Citrix server to the DC's IP and FORGOT to change the DNS setting back to the settings in the firewall. Because I had the port forwarding properly set, once I reset the Citrix box's IP, I was golden - problem solved! It is now time to forward a budget proposal to the owners for Win Svr 2K8 R2 and Xenapp 11 - yeah, right...

Many thanks to all who at least read the post.
 