Citrix access via VPN 3005 concentrator w/WebVPN


I'm attempting to configure access to Citrix via web session. I know next to nothing about Citrix, so forgive my ignorance on some of the details. I'm trying to configure access to a Citrix published app via a WebVPN session on a 3005. Here's what I've done so far:

- Upgraded to 4.7 code on the concentrator (to provide Citrix secure gateway functionality)

- Enabled Citrix support under the WebVPN tab, Base Group

- Created an internal Certificate Authority

- Generated a signed SSL cert

- Installed the CA cert and SSL cert on the concentrator

- The SSL cert name FQDN matches the actual FQDN of the internal Citrix host


- Open WebVPN session to https://"IP address" - Can login to the Citrix web app - When I click on the published app icon, it starts to load but fails with an SSL name resolution erro - I'm not too concerned, as Cisco warns that you can't utilize an IP address for the SSL must use the FQDN for the cert. - Again, the name of the SSL cert is the FQDN of the internal Citrix host (the hostnames and domain match) - Is this an issue?

- Open WebVPN session to https://"FQDN"

- Since I don't have the host info in DNS yet, I put the FQDN IP->name mapping in my hosts file - We can open a WebVPN session with the host entry with no problem. - Click on Citrix web client link, we receive the "Page cannot be found..." error.

Has anyone ever got this scenario to work? Any help will be appreciated!

Reply to
Loading thread data ...


I have this scenario working with Citrix PS4 and a 3005. I can access the Citrix servers with the full web client and java client. I am currently working with the Citrix activeX client and that works as well.

However, I am still working on getting that activeX client to push automatically when connecting through the 3005, The activeX client installs automatically when connecting directly to the Citrix Web Interface, but prodeces an error when trying to push through a wenVPN session.

Let me know what type of Citrix client you are try> Hello,

Reply to
keith.tarantino Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.