Cisco VPN on Citrix Cleint?

[mcclurm]

Just to let you folks know...I know squat about Citrix so all help is greatly appreciated. Anyway, here is my problem.

We have several clients using different versions of Citrix at their location. In order for them to connect to our system they need to establish a VPN connection with our network and then open a TS or Remote Desktop connection to our Terminal Server.

Is there a way for the users at the client machines to establish the VPN connection through their Citrix server to our network and then open a TS session to our TS box?

 

[NetIntruder]

If you have Citrix running, I would highly recommend setting up an NFuse portal for this purpose (preferabley behind a Citrix Secure Gateway/Secure Access Manager). You can open up your apps (or a terminal) directly from the web page then.

Does this help you?

~Intruder~

"The Less You Do, The Less Can Go Wrong"

 

[mcclurm]

Actually, I don't think that will help with what we're doing. But I really appreciate your response and I'll dig into that a little further.

Thanks!

 

[topmad4it]

have you thought about publishing terminal services!

 

[Ogi]

Hi,

Have you got the VPN software on the first Citrix server? Does it work and does it do what you want?

Once you have done it on your first Citrix server, what's your plans to publish it? What will you publish?

Not knowing about your VPN software (and you telling me will not help me anyway ;-) just how will you then get the user to connect?

The only way I can picture it is that you'd publish a desktop from your first Citrix Server, then autostart the VPN client for your users, then have them click an icon to start a Windowed Desktop to the second Citrix server!

If that helps and you need further info, please post!

Cheers,
Carl.

 

[mcclurm]

The VPN software is on the first Citrix box and has been published to the desktop. If one user has the VPN software open all of the users that log in after that get an error pertaining to the VPN software. We considered just running the software and leaving the connection up and running on the server, that way when the users logged in the connection would already be established. However, all of the users get the same error we had before. I'm sorry I can't give you the error yet, but our client has not called me back.

 

[Ogi]

Hi,

It sounds like the software isn't Citrix friendly and that you won't get it doing what you want it to do!

Cheers,
Carl.

 

[mcclurm]

I kind of figured that same thing, but I don't know enough about Citrix to really make that assessment.

 

[Candidog]

What do you just make a direct conenction to the Citrix server. Open up port 1494 and port map the address to the server on the firewall. Tada your done....

Greg

 

[mcclurm]

Its not that simple. The Citrix clients on one one net work need to connect to our network through a VPN connection and then to a Terminal Server on our network. There is not direct connection, they have to use the VPN, and that is the part that isn't working.

 

[Candidog]

Even easier, Let the user connect to your network via the VPN client, then you can have your Citrix client connect via PN (Publish Desktop) or direct connection. With this you don't need to open 1494 port on your firewall.

Greg

 

[mcclurm]

I hope I explain it a little better this time.

The user is on a citrix client that is basically a dumb terminal. It won't run any software other than the thin client. That box is the one that needs to initiate the VPN connection. Since they can't run the software on their machine, we have to put it on a Published Desktop, so they can establish the VPN connection. Once they establish the connection through the PN they have to launch a Microsoft Terminal Server session from the PN to hit our MS Terminal Server. However, the VPN software gives us an error when it is run through the Published Desktop.

 

[kickinsand]

Hope someone has solved this already, but anyway. Citrix works on the idea of shared dll's. alot of programs like the cisco client due to their design or needs mosty for security reasons are written not to share.

You can try installing the client into a seperate "user" folder for each user, with a shortcut in eaches startup. this will cause increased overhead on the server but has been known to work.

 

[cnbit]

We have several remote users that have high speed internet on their end, and need to connect to a citrix server on our network. We are using a watchguard firewall and we configure a rule that allows their static ip address to pass an ica request thru port 1494 to a citrix server. We are using NAT to redirect our firewall external address to our citrix server internal address.
The ica client on the remote user is configured to connect to the ip address of the firewall and our encryption is set to the highest level. The user will get a prompt to log on to our network and he will then get a desktop. We are using Tricerat desktop, so the user sees only what we want them to see on the desktop.