By this do you mean that a VPN tunnel is established and then you present the actual WI server page as a redirect/forward to the user automatically?
Steve Greenberg
Thin Client Computing
34522 N.
(602) 432-8649
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Thursday, January 08, 2009 1:07 PM
To:
Subject: [THIN] Re: netscalers and smartcards (CAC) - who's using them?
from the client it's a SSL VPN to the NS through the FW, the NS sits entirely in the DMZ, external FW allows 443 through and is doing NAT. From the DMZ to the inside (where the WI and citirix farm is) we allow 1494, 3010, 443, 80, 22, 53 & 2598. The client PC can use PN to get to the farm and launch apps with smart card auth, so it's just the WI that's not cooperating.
We're trying to use the WI has the default web page that the NS presents to the user.
On Thu, Jan 8, 2009 at 3:26 PM, Steve Greenberg <steveg@thinclient.net> wrote:
How is it configured exactly? Is it a pure VPN connection and not an ICA proxy? I.e. does the client have a tunnel to the WI box directly? If so, have you opened the ports need for the smart card software?? ( I have no idea what they would be)
Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd D8453
Scottsdale, AZ 85266
(602) 432-8649
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Wednesday, January 07, 2009 5:40 PM
To: thin@freelists.org
Subject: [THIN] netscalers and smartcards (CAC) - who's using them?
and what did you have to do to get the WI to come up properly?
We're trialing a NS 8.1 in our DMZ - the VPN tunnel connects and it starts to load the WI site but the smartcard (CAC) authentication just doesn't fly. Citrix is scratching their heads.
No comments:
Post a Comment