Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Question about infrastructure configuration.

Status
Not open for further replies.
said07

said07

IS-IT--Management
May 3, 2004
168
US
Greetings,

I am planning on having 2 Media Presentation Servers inside (lan) and a Web Interface on the dmz.

My dilemma is how:
1- To configuremy Pix to let traffic to my Web interface on the Dmz.
2- To configure my Web Interface in the Dmz so my users can connect to resources (folders, database) in the Lan.

I have Enterprise edition.

Thanks for sharing.

Said

 
Sort by date Sort by votes
said07,
I'm assuming you mean Metaframe Presentation Server versus "Media Presentation Servers".

If so, your clients connecting to your web interface server on your dmz will be doing this via http port 80(like normal) or if secured https via port 443.

Your pix firewall will need to be configured so that your Web Interface server can allow XML traffic and ICA traffic back to your Citrix Presentation servers (inside your LAN).
This usually means port 1604 and 1494 (for client to server connection) and what ever port you are using for your XML services on your citrix server.
This port is configurable via your CMC (citrix management console) by going to your servers folder and right-clicking-going to properties and looking at your XML port settings.

I hope this helps.

 
Upvote 0 Downvote
I dont think you need port 1604 anymore.

However I would be looking at Secure Gateway as a means of securing this traffic.

[blue] A perspective from the other side!![/blue]

Cheers
Scott
 
Upvote 0 Downvote
Thanks to both of you.

Yes, enigma99, I meant Metaframe Presentation Server 4.0.

I did what you said on the firewall (Pix) and when I put my Web Interface server (WI) on the Dmz, and tried to just Rdp to it, I got " cannot log you on, cannot contact a domain controller" I googled it and found that it could be related to Dns, so changed dns servers to point to the Internal Dns server with no luck.

Also, Ascotta, when I tried to install secure Gateway, it told me, you need a certificate. I have an internal CA that I used to issue a certificate for my Exchange Owa. Can I use that to issue the certificate or get a third party because my WI is on the dmz?

Any ideas?
 
Upvote 0 Downvote
Yes you can issue, and control, from your internal CA.

[blue] A perspective from the other side!![/blue]

Cheers
Scott
 
Upvote 0 Downvote
Actually now that I come to think there is a very good "How to" on the Citrix web site, as part of Admin Guide.

[blue] A perspective from the other side!![/blue]

Cheers
Scott
 
Upvote 0 Downvote
Greetings guys,

I did what you suggested
The web interface is now on the dmz and I authenticate through it but when I try to start an app or open a content i get:
ERROR: An error has occurred while connecting to the requested resource.

Any suggestions, thanks.

Said07

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tendim
  • Locked
  • Question
Discussion about greenfield deployment, any help appreciated!
Replies
0
Views
76
tendim
tendim
johnsolo
  • Locked
  • Question
about xen desktop connection
Replies
0
Views
67
johnsolo
johnsolo
spi200
  • Locked
  • Question
CSG and RSA secuid question
Replies
0
Views
76
spi200
spi200
said07
  • Locked
  • Question
Terminal services licensing question
Replies
1
Views
83
arell12
arell12
said07
  • Locked
  • Question
Upgrade question
Replies
1
Views
86
AW78
AW78

Part and Inventory Search

Sponsor

Back
Top