Cisco :: Citrix NetScalar Vs Anyconnect On A Pair Of 5540s
Oct 30, 2011
My colleague wants to use our load balancers for VPN. We are coming off 3030s which are serving remote access IPSec as well as terminating LAN to LAN tunnels for like 7 sites.I want to secure the 5540s behind our front end 5585Xs when we move prod to the new dc.We have no immediate need for clientless but need to support osx lion and IPSec client does not. Thats all that's driving this effort currently. I already reminded mgmt that the 3030 and the IPSec client are end of life.I just think anyconnect is the better solution based on current skillset and the popularity of the solution.
View 2 Replies
ADVERTISEMENT
Aug 7, 2012
I am purchasing 2 5512x ASAs to be configured as an Active/Passive pair as a VPN device. Do I need to purchase anyconnect licenses for both devices?
View 2 Replies
View Related
Mar 6, 2013
Our customer has purchased 2 x L-ASA-AC-E-5520= Anyconnect Essentials VPN Licenses (750 Users)Ive installed both activated licenses as per the cisco guides, I didnt get any errors on the install. I did a reload on both, they are both back up and running as active/standby but when I do a sh ver the license still shows "ASA 5520 VPN Plus License"Am I being dumb and has this worked successfully or should it not now display Anyconnect when I do a sh ver?
View 8 Replies
View Related
Mar 11, 2012
We have a pair of N7K distribution switches connected to a pair of N7K Aggregation switches.We run vPC on both pairs of n7k's.
-n7k-d1 has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC1)
-n7k-d2 also has two interfaces in a Port-Channel connecting to n7k-a1 & n7k-a2. (PC2)
My problem is that Spanning-Tree is blocking PC2 and all traffic from n7k-d2 is traversing the Peer-Link before reaching the Aggregation layer. Is this the best design for connecting two pairs of n7k's with vPC or if a better design would be to connect all 4 links into the same Port-Channel and vPC?
View 7 Replies
View Related
Dec 28, 2011
I've got a router on which I run a backup/media/print server, a couple of computers and a voip box. My router has only four ethernet lan sockets which are thus all occupied by the above, but I need to attach at least one further device b
Secondly, could a splitter such as >> this one << do the job? I'm guessing this basically split a single 4-pair ethernet connection into two 2-pair ethernet connections.
View 2 Replies
View Related
Jul 16, 2012
We have built IPSEC VPN over MPLS P2P circuit between Head & Branch office using Cisco ASA 5510. Client systems at Branch office connects to Citrix app at Head office, but it gets disconnect intermittently for all user. if any recommendations/changes required for Citrix App whn passing over IPSEC VPN/ ASA.
View 2 Replies
View Related
Apr 10, 2006
A group of Citrix Clients connect to a Citrix Metaframe Server. The port numbers involved are Citrix Metaframe (TCP/UDP 1494) and MS Terminal Server (TCP/UDP 1604).
The network is configured such that the communication between the Citrix clients and server goes through a GRE tunnel. Traceroutes from client to server, and vice versa, confirm that it passes thru the GRE tunnel. There's no ACL, firewalls or NAT devices along the IP path, in both directions.
The issue is, all Citrix clients can ping to the server but some fail to log on to the server; some have no problem. Also, other applications, e.g. PCAnywhere, can go through. If the GRE tunnel is taken away, all Citrix clients can log on to the Citrix server.
View 3 Replies
View Related
Feb 10, 2012
Ive serched everywhere for this problem and couldnt find it, ive tried the basic troubleshooting, one of are users is using the 32 bit client of citrix and it is not lauching, other users have no issues with it, only her computer does. When I click to lauch the desktop it thinks a bit and then the receiver will shoot me an error saying :
"The network connection to your application was interrupted. Try to access your application later, or contact technical support." Her computer is running Windows 7 64 bit, IE8. Im really not sure what could be causing this error
View 12 Replies
View Related
Jun 5, 2011
We're trying to access Citrix applications on customer`s server, but the error message attached pops up every time I try to access any application. Actually, this is the same error message when we try to use ssh protocol. I'm pretty sure I have loaded all the plugins for this. All the other functionalists are ok for this equipment.
View 1 Replies
View Related
Jan 9, 2011
its possible use citrix receiver for java on asa 5505 on ssl web vpn?
View 1 Replies
View Related
May 16, 2011
We run a hub&spoke network with dual GRE tunnels from each spoke site to seperate independant adsl routers at the hub.IPsec is enabled on each tunnel with crypto maps and then QOS is enabled with pre-classify for voice traffic priority. We also have defined a class for Citrix traffic by identifying port1494 traffic out and anything bound for our citrix servers IPs.Ok so the problem is that once the encryption comes up on the tunnels, the citrix programs wont connect. Take the crypto map off the tunnel and all works fine.
Here is the relevant config
crypto isakmp policy 1 encr 3des authentication pre-share group 2crypto isakmp key **** address *.*.*.*
crypto isakmp key **** address *.*.*.*
crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to hub1
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 104 qos pre-classifycrypto map SDM_CMAP_1 2 ipsec-isakmp description Tunnel to hub2
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 105 qos pre-classify
[code]....
I deliberately weight EIGRP to favour Tun0 and have Tun1 as a failover. I was thinking of Route-mapping the Citrix traffic to Tun1?
View 1 Replies
View Related
Sep 11, 2011
My company has a cisco ASA 5510 and we have a Citrix remote desktop solution. In a nutshell I have users from outside our network accessing a virtual Citrix NetScaler inside our DMZ. There is a session reliability feature enabled on the Citrix solution. Session reliability uses tcp port 443. A user from outside the network connects to our network and is handed a virtual desktop to work with. When a remote user is working on their virtual desktop and there is a network connection issue the end user loses network connectivity for a brief period of time (in most cases just seconds) then the Citrix session reliability feature takes over and holds in a buffer all data destined for the end user . Once the connection is re-established then the buffer is emptied and the session goes on like before and the end user is able to use the virtual desktop. At least this is the way it should work.
In our case the connection never re-establishes between the end user outside the network and the NetScaler in our DMZ. We have been working with Citrix Support and they believe the issue is in our firewall. We have taken packets captures with Wire shark and we can see when the network failure occurs the NetScaler in the DMZ is holding information in a buffer and trying to communicate with the remote end user outside our network via packets and TCP port 443. We can also do the same packet captures from the end user computer and see where it is not receiving any packets from the NetScaler in our DMZ. The fire wall has an access list allowing any traffic in the outside port destined to the NetScaler Public IP on port 443. Then once in the firewall outside port we have a static rule pointing to the NetScaler IP in the DMZ.Everything is working quite well until we need to rely upon the session reliability. We have tried altering the TCP & Global Timeouts options in the firewall via the ASDM with no luck.
View 1 Replies
View Related
Dec 12, 2011
I have a question around pix 501 (6.3) configuration. I am trying to allow traffic from a single Citrix CAG across a variety of ports (80,443,9001-9005,27000,7279,1494,2598) from external (dmz) interface through to multiple addresses (on the same ports) on the internal (secure) network and dont know how to best approach it or if its possible. The only way I have found to allow traffic through is via Static Nat entries which I cant see will work for this requirement as we need some ports to be allowed into multiple addresses.
View 6 Replies
View Related
Sep 16, 2012
We're setting up a Citrix Cloudstack/XenServer environment and having a heck of a time getting VLAN communication to work with the Cisco SG300-28 switches we've got. We have 4 hosts that are running physically connected to 2 SG300-28 switches.The Guest Network NICS are running on XenServer with a VLAN configuration. As you'll see below our problem lies in that the vm on Host1 (10.1.1.254) cannot communicate to the vm on Host2 (10.1.1.5).Our SG300-28 is currently in L2 mode with Trunked ports for the NICS. It's allowed the VLAN 133 as tagged. Here's the guest networking:here's how our SG300-28 are configured for VLAN traffic GE1,2,13,14 are the connected ports with VLAN133 being one of the tagged VLANS
View 8 Replies
View Related
Apr 24, 2012
Currently using intel 5100 & 6200 client cards on multiple driver versions. WiSM is 7.0.116. APs are 1250 and 1260 series. Citrix is setup to send server-side keepalives for session reliability. Randomly, several times a day the client will get disconnected from the Citrix application session but maintain connectivity to the AP and other applications continue to work. Traces show the server-side keepalive reach the controller but are delayed from controller to client by 5-6 seconds. Just enough time for the Citrix server to timeout and tear down to session. Additional testing shows the delay most likely occurs somewhere from controller to AP. It occurs on multiple controllers on multiple campuses.
We have Dell/Broadcom clients that don't experience the problem. The only commonality seems to be the Intel cards. CCX? I know Intel has a special relationship with Cisco regarding CCX and have developed features not available on other cards. Tried disabling power save and other CCX features but hasn't solved the issue.
View 7 Replies
View Related
Apr 20, 2013
We would like to install a pair of ACS 5.4 apliance as primary /backup in our two datacentres.I have some question regarding degin.
1- We have 800+ network device to monitor , can we install by range of address instead of instlling one by one in device host database ?
2- Do We have to install all 800 device first on Primary and then again on backup or Primary will replicate to backup server?
3- We do not have real IP address yet, so if we built with dummy address and make them pair and all the database sync, then when we change their IP address, will the distributed primary pair will have any issue with backup ACS server?
View 7 Replies
View Related
Apr 17, 2013
I have 2 5508 that are currently running as active with 150 licenses each. I want to go to HA SSO can 100 of the licenses be relicensed to the primary since it only requires 50 licenses to convert an active license 5508 to standby HA SSO?
View 3 Replies
View Related
Oct 31, 2012
i am trying to setup a failover pair on Cisco asa 5520 - need a state full failover. Do i need two ports dedicated to obtain the above - one for LAN based failover and one for state full fail over ? also do i need a switch in between to connect them ?
View 11 Replies
View Related
Feb 7, 2013
For some weeks I have been trying to pair my Samsung Galaxy S2 with my Lenovo Thankpad SL500. The consistent message is "Unable to pair with [laptop]. Incorrect PIN or PASSWORD.
Well which is? PIN? or PASSWORD? - or does the system not know, so it's taking a guess? If it doesn't know, how can I possibly know?
Having read many articles about his on the www, I am still none the wiser as to what is causing this. What's wrong with the PIN or PASSWORD - is it too hot, or too cold? Wrong font face, colour or size? Wrong latitiude, longitude or elevation? Wrong time of day or month? Are the auspices in general not favourable? Am I facing in the wrong direction as I type? Have I chosen the wrong weight/color of paper for my printer? Is my body odor unacceptable? Is the length of grass in my lawn not quite right? Oh, the number of options is so large - where does one start?
Oh, and before I forget - assuming I can find what constitutes a correct PIN or PASSWORD, where does one set it? btw pairing this phone with the media player in my 10 year old car works immediately and flawlessly!
View 10 Replies
View Related
Jan 14, 2013
Is it possible to run a large LAN over copper twisted pair cables?This is to connect 41 PC's that monitor fire systems on a large hospital site.I am trying to use the existing cable that is wired in a loop all round the site.
View 2 Replies
View Related
Oct 31, 2012
I have a long 2 pair cat 5 cable which I want to use to connect a ADSL modem to my desktop (located in a different room). I took the cable to few local computer dealers but none of them could connect an RJ-45 connector to it. They can only connect a 4 pair cat 5 cable. Connect a 2 pair cat 5 Ethernet cable to a RJ-45 connector. Kindly use simple language. I have attached an image of the cable for your reference. [URL]
View 5 Replies
View Related
Apr 15, 2013
I have a running ASA5520 in my network and recently we plan to add a failover pair as a standby unit for the running asa. Both of the ASA have the same specs and software. the only thing that the soon to be secondary ASA does not have is the AnyConnect Essential license. is it still possible for the unit to be the standby unit?
below is the license capture from both of the unit.
Running ASA:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
[Code].....
View 3 Replies
View Related
May 3, 2012
I already know that there is an option using Patton Copper Link Ethernet extender to interconnect a remote LAN with this device. Do you know if this is possible using Cisco 888-K9 or any other Cisco Device ?
View 2 Replies
View Related
Mar 20, 2012
We have recently got 2 of our Cisco ASA 5520 firewalls through RMA. These are supposed to run in a Active/Active Failover Pair. There was only 1 RMA request that was opened for both the firewalls. We have received only 1 Activation key for this RMA request for both the firewalls. Just want to check with you if this Activation key will work on both firewalls or do we need a get a seperate one for the other box.
View 1 Replies
View Related
Feb 6, 2011
I'm trying to set up remote access IPsec VPN on a pair of ASA 5540 without much success. I can connect with a client on the outside, and when I try to ping something on the inside I can see the ping requests reach the target but the answers don't come back to the VPN client. I've tried with different NAT rules without success.
View 3 Replies
View Related
Oct 30, 2012
I want to clear the keys on a 2821 and generate new ones using the command crypto key zeroize command but I don't see this command available as an option. Below is the output of the available options..
ROUTER#crypto key ?
lock Lock a keypair.
unlock Unlock a keypair.
[Code]....
View 1 Replies
View Related
Nov 11, 2012
I have a pair of ASA5510 currently running as a failover pair. For some reason we need to move one of the firewall to another site, is there any best practice on splitting up the failover pair then I can re-configure the secondary unit offline?
I'm thinking to power down the secondary unit, unplug it from the network totally then erase the configuration on the secondary unit on console so I can re-configure it. For the primary unit, I will disable the faiolver config by "no failover" on the primary unit. Is that necessarily all thing for splitting up the failover cluster?
Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB(code)
View 2 Replies
View Related
Mar 3, 2011
I have one ASA 5520 up and runnign, with complete configuration (ssl customization, DAP, CSD...) with bunch of files on flash drive, etc. I am using software 8.3Now I received one 5520 that I want to use failover, it is with 8.3, I will make sure that ASDM is also the same on both...
So, my question is how to make my running ASA to become primary and to push all info (config, files on flash, etc) to new ASA?
I found few examples, but nothing tells me how to force one ASA to be the source for sync.
View 2 Replies
View Related
Aug 17, 2011
I am a bit unclear as to the upgrade path I should take - I have 2 ASA 5510s in active/standby running 8.0(4)34 and would like to upgrade to 8.2.5. Do I need to first upgrade to 8.0.(5) before upgrading to 8.2.5, or can I just jump straight to 8.2.5?
View 4 Replies
View Related
Aug 26, 2011
Is this this possible to set up two as a redundant pair as you can do with say a pair of 5510s?
View 3 Replies
View Related
Jun 10, 2013
I am trying to setup prime LMS 4.2 with a pair of soft appliance. As I understand that HA is possible with the use of veritas/vmware for windows/solaris; I was wondering what are the possible high availability options available with a pair of prime LMS appliances? Can it form active/secondary with data synchronization/data redundancy of the LMS on top of the traditional backup/restore of the lms?
View 1 Replies
View Related
Nov 29, 2012
Plan on a 2921 with 1 HWIC-4SHDSL as the CO end.I'd like to use 4 1-pair groups to connect to 4 respective CPE 888's.
View 2 Replies
View Related
Aug 20, 2012
how to install a certificate (.p7b and .crf) on my second ACE in a HA pair.
On ACE01 i generated a CSR and gave the details to our SSL provider, they provided the certificates and i imported them. All good there.
How can i install the same SSL on ACE02 if i haven't generated a CSR on my backup devicde, or do i generate a CSR and import the same certificate?
Since bringing the ACE's into HA all contexts have sync'd and the backup ACE is in 'hot standby' state. But one context fails the sync and i think this is because the SSL certificate is not installed correctly on the second ACE02.
View 5 Replies
View Related
