wI translation prblems/questions, in the Citrix Web Interface forum on BrianMadden.com

Hello I have a web interface setup. Currently I have the default set to Translated. I also have a couple direct connections defined as well. The problem exist where I have users from mutiple networks who need access to our applications. Here is what my tranlsation table looks like for ClientA :

Access Type Int Address Port External Addresss Port
client 10.11.12.48 1494 192.168.11.48 1494
(internal ip of server) (ip address after nat)

This seems to work fine for cleintA. The problem is this particlualr client has clients that need access to our servers as well. Clientb is on a 127.0.0.0 network and gets routed over clienta network. I cannot give this client a 192.168.11.48 addy as they cannot resolve it. I need help setting up translations for mutiple networks. I am not using secure gateway. Also If I guess a good question would be what address does the WI look at to assign translation rules does it look at the origial clients source network or the network after a nat translation. I have looked in the WI guides and advanced concepts guide with no avial

Any help would be appreciated.

Thomas

Let me addjust this to make it easer to read

Hello I have a web interface setup. Currently I have the default set to Translated. I also have a couple direct connections defined as well. The problem exist where I have users from mutiple networks who need access to our applications. Here is what my tranlsation table looks like for ClientA :

Access Type---------Int Address---------Port----------External Addresss----------Port
client----------10.11.12.48---------1494----------192.168.11.48--------------1494
(internal ip of server) (ip address after nat)

This seems to work fine for cleintA. The problem is this particlualr client has clients that need access to our servers as well. Clientb is on a 127.0.0.0 network and gets routed over clienta network. I cannot give this client a 192.168.11.48 addy as they cannot resolve it. I need help setting up translations for mutiple networks. I am not using secure gateway. Also If I guess a good question would be what address does the WI look at to assign translation rules does it look at the origial clients source network or the network after a nat translation. I have looked in the WI guides and advanced concepts guide with no avial

Any help would be appreciated.

Thomas

This sounds more like a routing issue than a WI issue. It might be a good idea to put network captures at both ends (client and WI) and see what traffic, if any, is coming and going. From what you've said, it sounds like either the client doesn't know how to route to the server, or the server doesn't know how to route back to the client.

Kevin

Kevin I think you are definatly on the right track. The clientb for instance is getting a 192.168.11.48 addy even thought he is on the 127.0.10 netowork. He is able to see the web interface fine but the ica file he is getting is not right. So to better explain this let me try to claify. Clientb tries to open an application and gets nat'd accross clienta network. So when a user on clientb goes to the web interface he is first translated to a 192.168.11 addy then to access our network he is again converted to a 10.11.12 addy. But the ica file he gets is 192.168.11.48 so it doesnt work on his network I would think i would want the wI to give him an ica file like 127.0.10.48. Im kinda lost. I guess how does everybody else handle translations for mutiple networks as it only appears to let you define one for each ip/port.

Thanks

Thomas

So it sounds like your client on the 127 network is able to talk to the WI on the 192 network. This means that both the client and the WI know how to route traffic to one another. Now is this true for the application server? Put your network capture on the App server and watch for ICA traffic from the client. My guess is that you'll see the client talking, but the App server not responding.

Kevin

Why not simply ping from the client, ping from the server?

Maybe I did not explain this very good. The problem does not appear to be a routing issue but more about the web interface server giving the proper ip address for the application servers. I'm hoping since the CSG does not use the ip address in the ica file that this is going to solve my problem.

Thomas

Actually it would.

As always thanks for all the help.