[THIN] Re: netscalers and smartcards (CAC) - who's using them?

from the client it's a SSL VPN to the NS through the FW, the NS sits entirely in the DMZ, external FW allows 443 through and is doing NAT. From the DMZ to the inside (where the WI and citirix farm is) we allow 1494, 3010, 443, 80, 22, 53 & 2598. The client PC can use PN to get to the farm and launch apps with smart card auth, so it's just the WI that's not cooperating.

We're trying to use the WI has the default web page that the NS presents to the user.

On Thu, Jan 8, 2009 at 3:26 PM, Steve Greenberg <steveg@thinclient.net> wrote:

How is it configured exactly? Is it a pure VPN connection and not an ICA proxy? I.e. does the client have a tunnel to the WI box directly? If so, have you opened the ports need for the smart card software?? ( I have no idea what they would be)

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85266

(602) 432-8649

www.thinclient.net

steveg@thinclient.net

 

---

From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Wednesday, January 07, 2009 5:40 PM
To: thin@freelists.org
Subject: [THIN] netscalers and smartcards (CAC) - who's using them?

 

and what did you have to do to get the WI to come up properly?

We're trialing a NS 8.1 in our DMZ - the VPN tunnel connects and it starts to load the WI site but the smartcard (CAC) authentication just doesn't fly. Citrix is scratching their heads.