Firewall Wizards mailing list archives

RE: Citrix ICA - Published apps


From: Doug Sink <dougs () interdyn com>
Date: Sat, 17 Apr 1999 18:44:59 -0700

We have made it work through our firewall, Conclave, with several customers.
Sometimes it was as easy as opening up the port. The main problem is network
address translation. Then you have to set some things in the client and
server. They also made it work using a web browser for a client. I haven't
done it personally so all I have are some emails from people about what they
did. Don't give up.

If NAT is enabled, you need to make sure the "altaddr" command is run on the
Citrix server.  This will make the native ICA client work.
        altaddr /set 10.1.1.3 207.122.202.3 

where 10.1.1.3 is the private address of the Citrix server and the 207
address is the public address assigned to the Citrix server via NAT.

If the native Citrix client is being used over a dial-up network (or
Internet), you have to change the client configuration to contact the Citrix
browser direct to get the "browse list" of applications.

For the web client in the application's .ica file on the internal ICA box,
set ...

UseAlternateAddress=1

... in the Application Configuration entry.  Look on Spine, in C:\inetpub,
and look at the differences between the ICA files in (say) ingr-inside and
ingr (or test, or public).  I had to create the ingr-inside set for use from
WITHIN the VPN, where UseAlternateAddress is not required - only needed for
people OUTSIDE the VPN.

Basically this does exactly the same thing as setting UseAlternateAddress in
your local ICA client config (under the Servers tab), but on a
per-application basis, and controlled at the server, not client, side.


Doug Sink
____________________________________________
Systems Engineer        630-395-1068
Internet Dynamics       888-717-2386 pager
www.conclave.com        dougs () interdyn com
2100 Western Ct., Suite 80
Lisle, IL 60532



-----Original Message-----
From: Mailing Lists [mailto:mlist () almerco ca]
Sent: Thursday, April 15, 1999 1:15 PM
To: Chris Brenton
Cc: firewall-wizards () nfr net
Subject: Re: Citrix ICA - Published apps


At 10:42 AM 4/15/99 -0400, you wrote:

"Schultz, Ken" wrote:

Has anyone actually managed to make a Citrix Metaframe server - published
Hi!

I've been having the same problem as the other guy described and found out
exactly what you mention.  But I'm intrigued by your solution here:

We have been able to get access to the Metaframe server directly, but are
having one hell of a time trying to get access to the published app.

For Internet access to Citrix, I've found it much easier to use DNS
round robin. This is load sharing instead of load balancing but from my
experience it's not all that less inefficient compared to the algorithm
used by Citrix to determine server load. If you create a number of "A"
records which use the same name as the published app (i.e.
msword.bohica.edu), a remote client will resolve this and find the
server farm.

Care to elaborate and maybe give a few examples?  It could be very
interesting!
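
The per-application UseAlternateAddress setting described in the reply above can be checked across a set of .ica files before they are published to clients outside the NAT boundary. The following is an added example, not part of the original post or of any Citrix tooling; the sample file contents, the [ApplicationServers] layout and the function names are assumptions made for illustration.

```python
import configparser

# Constructed sample .ica text, not taken from the post. Assumed layout: an
# [ApplicationServers] list plus one section per published application.
ICA_INSIDE = """\
[WFClient]
Version=2

[ApplicationServers]
Word=

[Word]
Address=10.1.1.3
InitialProgram=#Word
"""

# Same file as served to clients outside the NAT boundary.
ICA_OUTSIDE = ICA_INSIDE + "UseAlternateAddress=1\n"


def load_ica(text):
    """Parse .ica text as INI, keeping key case so app names match sections."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def apps_missing_alt_address(text):
    """Return published apps whose section lacks UseAlternateAddress=1."""
    cp = load_ica(text)
    if not cp.has_section("ApplicationServers"):
        return []
    missing = []
    for app in cp["ApplicationServers"]:
        settings = {}
        if cp.has_section(app):
            settings = {k.lower(): (v or "").strip() for k, v in cp.items(app)}
        if settings.get("usealternateaddress") != "1":
            missing.append(app)
    return sorted(missing)


if __name__ == "__main__":
    print("inside set, flag absent for:", apps_missing_alt_address(ICA_INSIDE))
    print("outside set, flag absent for:", apps_missing_alt_address(ICA_OUTSIDE))
```

A non-empty result for a file in the externally served set means that application would hand outside clients the private address rather than the one registered with altaddr.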


