Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

External users cant connect to second citrix server 1

Status
Not open for further replies.

trevorh13

Instructor
Sep 18, 2000
132
GB
I am currently running a test bed of two Presentation Servers (version 4.5.) Both servers are sitting behind a watchguard firewall that is performing NAT.

The original server can be connected to from the outside without error. Any traffic from outside the internal network is set to be translated through a translation map configured in Access Manager Console.

I then deployed a second server into the farm and have published its desktop. I then added an extra translation into the map that translated the internal address to port 1495 of the watchguard's external port.

The Watchguard was then configured to port forward 1495 to the internal system in the same way as it does with 1494 to the first server.

Internal clients connect fine to both servers but external clients receive a "network connection to your application was interrupted message"

Can anyone offer any advice on what is wrong?
 
did you run the altaddr command on your second Citrix server?

I don't know anything about watchguard firewalls. Are you using a watchguard vpn client to connect to the firewall?
 
I ran the altaddr command on the second server specifying x.x.x.x:1495 as the external address (x.x.x.x being the external ip of the firewall.)

I am currently not running VPN connections at all. I understand the security implications of this but am currently running in a seperate test bed environment. When I go live I will either use the secure access manager or create VPN tunnels between the citrix network and clients.

Kind regards

Trevor
 
what's the logic for using 1495 as your ICA port? Are you attempting to use your external firewall address as the "public" (external side of the firewall citrix server) address? That's not going to work. Each host (Citrix server) will require its own NATed ip address on the firewall
 
Anything for citrix server one enters my external firewall address on port 1494. My firewall forwards any 1494 traffic it receives to the internal IP address of citrix1. I want traffic coming into citrix2 to enter the external ip of the firewall on port 1495. I can then create a port forward rule to forward 1495 traffic to the second citrix server.

From what you say I get the impression that this is not possible and that each Citrix server must have its own public IP if connected to the internet. Is there no way that citrix can be made to listen for ica traffic on a port other than 1494?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top