CPS 4.0 and NAT, in the Citrix XenApp / Presentation Server forum on BrianMadden.com

Not Ranked
Points 360
johnyy soprano posted on Tue, May 2 2006 3:57 PM
Hey

Setting up a LAN with PS 4.0 servers behind a Cisco PIX 515. Using NAT between the inside and outside interface. Inside=172.16.127.x, outside 172.16.128.x. The server IP is 172.16.128.30.

All the right ports are open and I ran the altaddr command like this:

altaddr /SET 172.16.127.30 172.16.128.30

Still no luck. Using an application set or a custom connection on the inside works, but not from the outside. What am I doing wrong? Please help me...

Thanx in advance.



Johnyy... (*)

All Replies

Top 10 Contributor
Points 34,180
Is the 172.16.128.30 address the address that a client would use to reach the server? (i.e. is this a third party vendor network that's terminating in your DMZ)? Or are you attempting to use that address to be internet accessible? 172.16.x.x is a private Class B subnet so it wouldn't be routable from the outside.

Shawn


http://www.shawnbass.com

Guest replied on Tue, May 2 2006 10:08 PM
What's your outside address? Not sure? Go to whatsmyip.org, it'll tell you immediately. That is what you put after altaddr /set.
Not Ranked
Points 360
As I said, this is just a LAN, I am not trying to connect from the internet. One segment of the LAN is 172.16.128.x, the other segment behind the PIX firewall is 172.16.127.x, this is where the servers are located.

Therefore a client with IP: 172.16.128.78 is trying to connect to the server on the inside with IP: 172.16.127.30. The firewall is translating the IP. When I use normal RDP it works OK. But Citrix is not going through. All the right ports are open, 1494 and so on.

I have also tried using the altaddr command, but with no success.

Shouldn't this setup work when using a custom ICA connection, setting up the server to be 172.16.128.30? I have used RDP in this way for 2 years, and never a problem.

thanx again.
Johnyy... (*)
Top 10 Contributor
Points 88,220
You're NATing, so you still have an 'external' address for the server. That external address is what you assign with altaddr. The clients MUST be using some IP address to connect and it is not the actual IP address of the server. From the client network, what IP address would you use to ping the server?
Top 500 Contributor
Points 510
Hi Jsoprano10.

You said RDP works, so the NAT translation itself is working. Have you tried to telnet to port 1494 on the 172.16.128.30 address?

Also, don't forget to check the box to use alternate address on your clients in the 172.16.128.x subnet.

Good luck
Guest replied on Wed, May 3 2006 8:07 AM
Telnet is working on port 1494! I also had luck trying to connect to the Citrix server when using the server name and IP in my custom connection. It's when I'm trying to connect to the published desktop I'm getting the cannot connect problem. Is there a difference?

As my title says, I'm a newb with Citrix

thanx
Top 10 Contributor
Points 34,180
ORIGINAL: Guest

Telnet is working on port 1494! I also had luck trying to connect to the Citrix server when using the server name and IP in my custom connection. It's when I'm trying to connect to the published desktop I'm getting the cannot connect problem. Is there a difference?

As my title says, I'm a newb with Citrix

thanx


When you're using published applications you need to make the server accessible on TCP/1494 as well as TCP/80 (assuming you're using TCP/IP+HTTP for published application location). If you use the Program Neighborhood client to create a Custom ICA connection, it should work and you should get a desktop. Now if you want to use published applications, you'll also have to port forward TCP/80 to all of the Citrix servers to allow the Published Application location / load balancing piece to work. Alternatively, set up a Web Interface box on the inside and let users connect on port 80 to it. Then all of the XML server service communication will occur between the WI server and the Citrix server and the user will not need to communicate with the Citrix servers on port 80.

Shawn

http://www.shawnbass.com

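
Added example, not part of the original thread or of any Citrix tooling: a Python check of the two ports named in the reply above, meant to be run from a client on the outside segment against the NAT address. The 6-byte ICA greeting and the loopback stand-in listener are assumptions of this example.

```python
import socket
import threading

ICA_PORT = 1494                    # ICA session traffic (from the thread)
XML_PORT = 80                      # XML service, TCP/IP+HTTP application location
ICA_GREETING = b"\x7f\x7fICA\x00"  # assumption: first bytes an ICA listener sends

def probe(host, port, expect=None, timeout=3.0):
    """Return 'closed', 'open', or 'open-unexpected' for host:port."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"            # refused, filtered, or no NAT rule
    with s:
        if not expect:
            return "open"
        try:                       # read() waits for len(expect) bytes, EOF or timeout
            data = s.makefile("rb").read(len(expect))
        except OSError:
            data = b""
        return "open" if data == expect else "open-unexpected"

def diagnose(nat_address, ica_port=ICA_PORT, xml_port=XML_PORT, timeout=3.0):
    """Map port results to the two connection types discussed in the thread."""
    ica = probe(nat_address, ica_port, ICA_GREETING, timeout)
    xml = probe(nat_address, xml_port, None, timeout)
    return {"ica": ica, "xml": xml,
            "custom_ica_connection": ica == "open",
            "published_apps_tcpip_http": ica == "open" and xml == "open"}

def loopback_listener(greeting=b""):
    """Constructed stand-in server on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(greeting)
                except OSError:
                    pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(diagnose("127.0.0.1", loopback_listener(ICA_GREETING), loopback_listener()))
```

From a client in 172.16.128.x, `diagnose("172.16.128.30")` with the default ports shows the port side of the symptom in this thread when `custom_ica_connection` is true and `published_apps_tcpip_http` is false.
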
Not Ranked
Points 360
Thanx Shawn Bass, looks like port 80 is the problem. It's open in the firewall though, but not working.
Can connect to the published desktop with pure TCP/IP.

Thanx to all for good advice.
Johnyy... (*)
Not Ranked
Points 360
A final post from me on the subject. Looks like everything is working now.
BrianMadden.com is truly the greatest forum in the world. :)
Johnyy... (*)