Forum Discussion

amolari's avatar
amolari
Icon for Cirrostratus rankCirrostratus
Jul 17, 2014

citrix with NAT, possible?

I'm trying to have the following environment working:

  • APM app publishing for XenApp 6.5
  • 2 XML broker and 2 ICA servers
  • the citrix environment is in a vCould with NAT. BIGIP sees the NATed addresses of all servers.

The broker part is working well as I get the apps publish on the webtop. The issue is when the receiver starts and the APM gets the XML file for app connection, we see inside that file following entries that are problematic




    
      :1494
[...]
      :443
[..]

The result is that packet trace for the Receiver to APM shows only a couple of TLS handshakes without app data, then the APM terminates them. The receiver puts an error "network issue" (not SSL, as we have fixed all certificate/SSL issues previously). I guess it's because it cannot interpret/rewrite that XML file. We must use NAT because of vCloud/topology and I'm stuck here. Any idea?

Thanks! Alexandre

BIG-IP Access Policy Manager (APM)
citrix
citrix xenapp
deployment
security
  • amolari's avatar
    amolari
    Icon for Cirrostratus rankCirrostratus
    Jul 17, 2014

    formatting issue

     

    "ICA_server_IP_physical":1494 [...] "FQDN_of_ICA_server":443 [..]

     

  • Arnaud_Lemaire's avatar
    Arnaud_Lemaire
    Icon for Employee rankEmployee
    Aug 01, 2014

    Trying to understand, the problem is that the broker sends the internal IP, and the bigip cannot reach i, is that correct ?

     

  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Aug 01, 2014

    Alex,

     

    On APM, if you check VDI check box, APM will insert SSL Proxy field in the ICA file so that Receiver join the hostname used to join APM instead of reaching internal or NATted IP addresses.

     

    Did you used Citrix VDI apps ? Do you see in ICA file public hostname or public IP address ?