Hi All, I have setup a 1841 Router with WebVPN, behind a 837 internet router. I have natted through port 443.
I have a Citrix server inside and am publishing it through the WebVpn.
I can connect to the Web Interface but can not launch applications. If I use the activeX component I get a generic error, can not connect to an application. If I use the Java client I get an error "Error opening ICa file" "The address of an application server must be specified"
I have internally created certificates installed on the router and the root certificate installed as trusted in IE and Java.
There is an error logging on the 1841 each time I try to launch an application.
Jun 22 05:02:08.246: %TCP-2-INVALIDTCB: Invalid TCB pointer: 0x63A24534
-Process= "SSLVPN_PROCESS", ipl=
0, pid= 120 -Traceback= 0x60AD545C 0x61180F74 0x6117E9B8 0x61BBD2C4 0x61BBAB20 0x61BBB104 0x61BBEDD8 0x61 BCDA0CHere is the running config without the real names or IPs.
Thanks for any suggestons. I have spent ages on this so far.
----------------------------- bob#s run Building configuration...
Current configuration : 8679 bytes ! ! Last configuration change at 15:03:08 NZST Thu Jun 22 2006 ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname bob ! boot-start-marker boot-end-marker ! no logging buffered ! aaa new-model ! ! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization exec default local ! aaa session-id common ! resource policy ! clock timezone NZST 12 clock summer-time NZDT recurring 1 Sun Oct 2:00 last Sun Mar 2:00 ip cef ! ! ! ! ip domain name mytestwebvpn4.co.nz ip name-server 10.73.220.4 ! ! crypto pki trustpoint TP-self-signed-117527664 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-117527664 revocation-check none rsakeypair TP-self-signed-117527664 ! crypto pki trustpoint mytestwebvpn4.org.nz enrollment terminal serial-number fqdn bob.mytestwebvpn4.co.nz ip-address FastEthernet0/0 password subject-name OU=MY_OU, CN=bob.mytestwebvpn4.co.nz, C=NZ revocation-check crl rsakeypair SDM-RSAKey-1150934803000 ! ! crypto pki certificate chain TP-self-signed-117527664 certificate self-signed 01 D8AC05A8 6B2F9945 3E quit crypto pki certificate chain mytestwebvpn4.org.nz certificate 61C2A6A000000000000F
8C4E7AB quit certificate ca 2F2FAD22B439B28F4BDB0CF2978A5E85 DDEBC0 99175B8C FCD38DF6 E586759C 6C5FA52A B3F7DF quit! ! interface FastEthernet0/0 ip address 192.168.193.222 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 10.73.220.248 255.255.255.0 duplex auto speed auto ! ip route 0.0.0.0 0.0.0.0 192.168.193.1 ! ! ip http server ip http secure-server ! access-list 101 remark Outside access list inbound traffic access-list 101 permit tcp any host 192.168.193.222 eq 443 access-list 101 deny ip any any log ! ! ! ! scheduler allocate 20000 1000 ! webvpn gateway sample_1 ip address 192.168.193.222 port 443 ssl trustpoint mytestwebvpn4.org.nz inservice ! webvpn context Default_context ssl authenticate verify all ! no inservice ! ! webvpn context test_1 title "Test Web VPN" title-color #669999 secondary-color white text-color black ssl authenticate verify all ! url-list "Printer" heading "HTTP Printer" url-text "HP Printer" url-value "http://10.73.220.38"! url-list "SDMCitrixServerList2" heading "My Citrix farm" url-text "server2" url-value "http://10.73.220.71/Citrix/MetaFrame/auth/login.aspx"! login-message "You must be authorised to access this network." ! policy group NUTS01_RDP url-list "Printer" url-list "SDMCitrixServerList2" hide-url-bar citrix enabled default-group-policy NUTS01_RDP aaa authentication list default gateway sample_1 inservice ! end
bob#