NO CSG.....question about ALTADDR, in the Citrix Web Interface forum on BrianMadden.com

I dont have a CSG in place as of yet.

I have a question........

I have my DMZ rules setup under the access console as

192.168.1.0
255.255.255.0
direct

Default is set to Alternate


I have 2 internal citrix servers CTX01 and CTX02

My web server also runs internally with a 1 to 1 nat through the firewall.

This seems to work fine but for the ALTADRR command on each PS4 server.........would i put in the external address of the firewall on both servers ? or would it be unique addresses.....1 for each PS4 server.

im a bit confused.

1 unique public IP for each Citrix Server that is responding to Internet Clients (without CSG, CAG or other SSL VPN). On the firewall you'd setup a one to one NAT for each public IP Address that corresponds to the alternate address of the Citrix Servers.

There's usually more than one way to do anything, but this way works in absense of SSL VPN.

There are two presentation server and 1 web server.
Inside the network working fine, but when the client tried to access from outside, he can able to log on and see the application. When we tries to open an application, got the error.

'There is no Citrix MetaFrame server configured on the specified address'

We are not using CSG.

Server Details:

Presentation server - 10.2.x.x
Public IP - 122.188.x.x
Web server - 11.168.x.x (DMZ)



Already run the altaddr command in the Presentation server.
do i need any setup in web interface

In this case, you'd go into the AMC - WI Site -> Edit DMZ Settings -> Use Alternate Address = Default, Direct = your internal IP Address Range.

I would however recommend that you simply install CSG on this WI server so you don't have to use ALTADDR and allow direct connections to your Citrix Servers. Here are step by step directions on how to do this:

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part2.html

hi Patric,
still , no solution.

Server Details:

Presentation server - 10.2.x.x
Public IP - 122.188.x.x
Web server - 10.2.x.x (lan)
inside lan, working fine. outside got the following
'There is no Citrix MetaFrame server configured on the specified address' .
ther is no CSG,
already i apply the amc-dmz-alternate method also.,
do i need any address translation in WI settings.

Considering that you have aa route to the Citrix servers in the DMZ from the outside world..

get the users to do a traceroute to the public IP and see it the trace completes..

do a telnet to port 1494 from the users system to the Citrix servers public IP to see if it's listening on tht port..may be u are able to reach the servers but the traffic on port 1494 is not being forwarded...

I have a related question:

I'm currently setting up a Web Interface - based PS 4.0 farm for a customer... Their Admin didn't get the SSL Cert ordered in time, so it will be Tuesday at the earliest before we get the Cert and can finish the CSG portion... In the meantime, Users need to be able to use the new Farm starting MONDAY morning (long story)... SO, I have 2 questions:

1.  The "one-to-one NAT" on the firewall... I understand that to mean Static NAT entries, Public to Private with NetMask, one pair for each Citrix server? 

2.  Once we get our Cert, will we need to "undo" any of this, so that the CSG works properly?

 

Thanks for the help.

you will need to use altaddr in this instance so that the ica files understand how to get to your citrix servers.

a simple way to test this is to login to your web interface and right click a published app, save the ica file down and open it using notepad. The ip address listed in the ica file should match your external address on your citrix server (aka your altaddr).

 

Hopefully this makes some sense. Im sure others will correct me or go further in depth if you need.

Yeah, that's what we did, initially, to get it to work...

NOW we're ready -- with our new Cert -- to implement CSG... Will I need to UNDO the ALTADDR config,

before I can then do the CSG config using the Access Suite Console?

You will be performing the install on the WI server (assuming you are putting CSG on the same server) so this will not affect your alternate addresses.  

I used the following site in installing CSG and a cert on 2 servers in the last couple of months:

http://www.msterminalservices.org/articles/Install-Configure-Citrix-Web-Interface-Secure-Gateway-Part1.html

Have a good day.

Patrick:

Someone was monkeying with the setup the way we had it, and now it's broken...

It's 2 CPS 4.0 servers -- BOTH have an ALTADDR address configured on them; 1-to-1 Private to Public

on the firewall -- and in the Console on the WI box, I have "Default" as "Alternate" and both IP's of

the CTX boxes entered as "Direct"...

 

We keep getting "There is no Citrix XenApp server .... " error messages, no matter what we do.

What could we be doing wrong??

Thanks.

Never mind... Our Citrix settings were all correct... Turns out it was the Firewall that somebody had

been fiddling with... They whacked the config, and when they tried to put it back, they got the

Static (i.e., ALTADDR) routes set up correctly but they forgot to also put back the appropriate ACLs

for those routes... (It's a Cisco ASA)...

 

After we put back the copy of the working Config that we had made -- with the ACLs intact -- it worked great.

Thanks.