We're trying to access Citrix applications on customer`s server, but the error message attached pops up every time I try to access any application. Actually, this is the same error message when we try to use ssh protocol. I'm pretty sure I have loaded all the plugins for this. All the other functionalists are ok for this equipment.
View 1 RepliesI do alot with computers themselves, but, my networking skills are rusty and lacking....so, I'm hoping this is a simple one!I have a customer with a medium sized network (about 20 desktop computers) that are setup with a Domain.The business is a car dealership and he wants to be able to offer wireless to the folks that are waiting (but not give them access to the network, printers, server).I've never setup a wireless network where access to only the internet and not the network itself is the goal, so I'm not sure how to do it properly.Is there an easy way to explain how I should be hooking it up? Or will the network information, type of router, etc. be necessary?
View 2 Replies View RelatedI have a server running Windows Server (can be 2003 or 2008 if it matters). The server has multiple IP addresses allocated to it.I want to use the IP addresses *as if they were remote high anonymous proxies*. I want all traffic to and from each application to use the same IP address and I want to be able to add the IP addresses to applications in the same way I would a remote proxy (presumably using 127.0.0.1 ort)So for each 127.0.0.1 ort address traffic travels like so:
application <-> localhost <-> internet facing IP address <-> remote site
Is this even possible? I know I can do this using a seperate Linux VPS running squid but I'm curious as to if it can be done on one server running windows.
I've installed XAMPP on one of my Vista computers, and intend to use it as a server. The internal IP address of the server is A.B.C.D. The internal IP address of the DIR-615 is A.B.C.E. whatsmyip.com says that external address of the server is F.G.H.I (and so is everything else inside my network). I have Filezilla listening on port 21. I've turned Windows Firewall completely off on the server, and my ISP (Time Warner / Road Runner) says that they never block any port.I tried going to the DIR-615 using Port Forwarding, and set ports 21 & 90 to forward to A.B.C.D, for both UDP & TCP, Allow All, Always. That didn't work.I tried going to the DIR-615 using Virtual Server. I set a virtual server on port 21 to A.B.C.D, for both UDP & TCP, Allow All, Always. It made me turn off Port Forwarding, and it wouldn't let me use both 21 & 90 on the same rule, so made two rules. That didn't work either.
I tried setting A.B.C.D as a DMZ host. That still didn't work.I can ftp connect into A.B.C.D from one of the other computers in the network. People outside the network can't connect to F.G.H.I. I can't connect to F.G.H.I. from inside the network. The same is true of Apache (but ports 80, 81 & 443), Ventrilo (but ports 3784 & 6100) and MySQL (but port 3306). I figure that FTP is the easiest to test, so I've been just trying to get that to work.In FileZilla Server Options, I am bound to *, I have no filters, and my passive mode is set to "Retrieve external IP"As far as I can tell, if I've ruled out anything inside my network (by connecting internally), and I've ruled out my ISP (they don't block), then it must be the router. I think I've done port forwarding according to [URL], and it seems like it should be easy, but I've been trying forever and I can never get it to work.
Just updated to the 1.01 firmware on my DIR-815 and now it doesn't handle loopbacks anymore.
For instance, I have a dyndns address of ericnewton76.dyndns.org. This points to my router. Works fine if you're NOT within the router's internal network, ie, outside hosts can get in just fine (try it... http:// , you'll see an IIS7 welcome screen)
However, when INSIDE the network, the requests don't get connected properly, and they used to... ie, I work with code, so my svn repo is at ericnewton76.dyndns.org/svn but inside my network it doesn't connect properly anymore (whereas it used to before firmware update)
So now I wish I could back-peddle to 1.0 firmware.
How to make Nas Box accessible by his customers so that they can upload large files to it rather than rely on posting these to him (e.g. on CDs/DVDs).He has the Nas Box for his own use and ideally would like to link it through his business website so that a customer can go there and upload files. Another option seems to be opening the network to his customers as well but I'm not sure about how to approach either of these options.
View 1 Replies View RelatedWe want to deploy a NMS (Network Monitoring System), in this case SolarWinds, to monitor devices we have deployed at the customer site. We will make an IP VPN connection (ASA5510 with Cisco 800's) to the customer site. We have one primary NMS installation running in our datacenter. This NMS has to have a connection to all customer sites. We run into a problem when two customers use the same subnet. We want to use VRF-Lite to solve this problem but I am stuck in my design.
I have attached "VRF.jpg" to show the (basic) design I have made. The connection from customer to the router in the datacenter is not a problem. We can put the fa0.1 and vpn interface in the same VRF group. Via one physical cable we will go from router to NMS in which the NMS has multiple virtual interfaces. The datacenter router will route between the 192.168.x.x (NMS) and 10.1.1.x (Customer).What I can't seem to comprehend is how the NMS can decide how to get to Customer 1 or Customer 2. The customer can reach the NMS one-way but the NMS has no way to reply back because if it replies to 10.1.1.1 it can either use interface fa0.1 or interface fa0.2.
We have a 5525 that has not been deployed to production yet so we're using it in the lab. I want to lab some upgrades from 8.2 to 8.6 for some customers but the 5525 comes loaded with 8.6. Would there be any problem with reimaging the 5525 with 8.2? I'm just not sure if there would be an issue with this new hardware running that old software.
View 3 Replies View RelatedI can't receive mails from some customers, asa 5505 log get the message: "ASA_Outside|Deny TCP (no connection) from X.X.X.X/35702 to ASA_Outside/25 flags ACK on interface outside".
View 5 Replies View RelatedI have a Cisco 7606 running 12.2. I want to limit the interface that is used by one of our customers to 30M.
View 3 Replies View RelatedWe have built IPSEC VPN over MPLS P2P circuit between Head & Branch office using Cisco ASA 5510. Client systems at Branch office connects to Citrix app at Head office, but it gets disconnect intermittently for all user. if any recommendations/changes required for Citrix App whn passing over IPSEC VPN/ ASA.
View 2 Replies View RelatedA group of Citrix Clients connect to a Citrix Metaframe Server. The port numbers involved are Citrix Metaframe (TCP/UDP 1494) and MS Terminal Server (TCP/UDP 1604).
The network is configured such that the communication between the Citrix clients and server goes through a GRE tunnel. Traceroutes from client to server, and vice versa, confirm that it passes thru the GRE tunnel. There's no ACL, firewalls or NAT devices along the IP path, in both directions.
The issue is, all Citrix clients can ping to the server but some fail to log on to the server; some have no problem. Also, other applications, e.g. PCAnywhere, can go through. If the GRE tunnel is taken away, all Citrix clients can log on to the Citrix server.
Ive serched everywhere for this problem and couldnt find it, ive tried the basic troubleshooting, one of are users is using the 32 bit client of citrix and it is not lauching, other users have no issues with it, only her computer does. When I click to lauch the desktop it thinks a bit and then the receiver will shoot me an error saying :
"The network connection to your application was interrupted. Try to access your application later, or contact technical support." Her computer is running Windows 7 64 bit, IE8. Im really not sure what could be causing this error
My colleague wants to use our load balancers for VPN. We are coming off 3030s which are serving remote access IPSec as well as terminating LAN to LAN tunnels for like 7 sites.I want to secure the 5540s behind our front end 5585Xs when we move prod to the new dc.We have no immediate need for clientless but need to support osx lion and IPSec client does not. Thats all that's driving this effort currently. I already reminded mgmt that the 3030 and the IPSec client are end of life.I just think anyconnect is the better solution based on current skillset and the popularity of the solution.
View 2 Replies View Relatedits possible use citrix receiver for java on asa 5505 on ssl web vpn?
View 1 Replies View RelatedWe run a hub&spoke network with dual GRE tunnels from each spoke site to seperate independant adsl routers at the hub.IPsec is enabled on each tunnel with crypto maps and then QOS is enabled with pre-classify for voice traffic priority. We also have defined a class for Citrix traffic by identifying port1494 traffic out and anything bound for our citrix servers IPs.Ok so the problem is that once the encryption comes up on the tunnels, the citrix programs wont connect. Take the crypto map off the tunnel and all works fine.
Here is the relevant config
crypto isakmp policy 1 encr 3des authentication pre-share group 2crypto isakmp key **** address *.*.*.*
crypto isakmp key **** address *.*.*.*
crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to hub1
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 104 qos pre-classifycrypto map SDM_CMAP_1 2 ipsec-isakmp description Tunnel to hub2
set peer *.*.*.*
set transform-set ESP-3DES-SHA match address 105 qos pre-classify
[code]....
I deliberately weight EIGRP to favour Tun0 and have Tun1 as a failover. I was thinking of Route-mapping the Citrix traffic to Tun1?
My company has a cisco ASA 5510 and we have a Citrix remote desktop solution. In a nutshell I have users from outside our network accessing a virtual Citrix NetScaler inside our DMZ. There is a session reliability feature enabled on the Citrix solution. Session reliability uses tcp port 443. A user from outside the network connects to our network and is handed a virtual desktop to work with. When a remote user is working on their virtual desktop and there is a network connection issue the end user loses network connectivity for a brief period of time (in most cases just seconds) then the Citrix session reliability feature takes over and holds in a buffer all data destined for the end user . Once the connection is re-established then the buffer is emptied and the session goes on like before and the end user is able to use the virtual desktop. At least this is the way it should work.
In our case the connection never re-establishes between the end user outside the network and the NetScaler in our DMZ. We have been working with Citrix Support and they believe the issue is in our firewall. We have taken packets captures with Wire shark and we can see when the network failure occurs the NetScaler in the DMZ is holding information in a buffer and trying to communicate with the remote end user outside our network via packets and TCP port 443. We can also do the same packet captures from the end user computer and see where it is not receiving any packets from the NetScaler in our DMZ. The fire wall has an access list allowing any traffic in the outside port destined to the NetScaler Public IP on port 443. Then once in the firewall outside port we have a static rule pointing to the NetScaler IP in the DMZ.Everything is working quite well until we need to rely upon the session reliability. We have tried altering the TCP & Global Timeouts options in the firewall via the ASDM with no luck.
I have a question around pix 501 (6.3) configuration. I am trying to allow traffic from a single Citrix CAG across a variety of ports (80,443,9001-9005,27000,7279,1494,2598) from external (dmz) interface through to multiple addresses (on the same ports) on the internal (secure) network and dont know how to best approach it or if its possible. The only way I have found to allow traffic through is via Static Nat entries which I cant see will work for this requirement as we need some ports to be allowed into multiple addresses.
View 6 Replies View RelatedWe're setting up a Citrix Cloudstack/XenServer environment and having a heck of a time getting VLAN communication to work with the Cisco SG300-28 switches we've got. We have 4 hosts that are running physically connected to 2 SG300-28 switches.The Guest Network NICS are running on XenServer with a VLAN configuration. As you'll see below our problem lies in that the vm on Host1 (10.1.1.254) cannot communicate to the vm on Host2 (10.1.1.5).Our SG300-28 is currently in L2 mode with Trunked ports for the NICS. It's allowed the VLAN 133 as tagged. Here's the guest networking:here's how our SG300-28 are configured for VLAN traffic GE1,2,13,14 are the connected ports with VLAN133 being one of the tagged VLANS
View 8 Replies View RelatedCurrently using intel 5100 & 6200 client cards on multiple driver versions. WiSM is 7.0.116. APs are 1250 and 1260 series. Citrix is setup to send server-side keepalives for session reliability. Randomly, several times a day the client will get disconnected from the Citrix application session but maintain connectivity to the AP and other applications continue to work. Traces show the server-side keepalive reach the controller but are delayed from controller to client by 5-6 seconds. Just enough time for the Citrix server to timeout and tear down to session. Additional testing shows the delay most likely occurs somewhere from controller to AP. It occurs on multiple controllers on multiple campuses.
We have Dell/Broadcom clients that don't experience the problem. The only commonality seems to be the Intel cards. CCX? I know Intel has a special relationship with Cisco regarding CCX and have developed features not available on other cards. Tried disabling power save and other CCX features but hasn't solved the issue.
Most of my applications and games that connect to the internet are unable to do so. My browser is working fine, though.This morning, my AVG found 2 trojans, and deleted them. However, it also deleted a couple registry keys along with them. I suspect this might be the problem, or maybe the antivirus itself, but I don't know which keys were deleted.
View 1 Replies View RelatedI randomly get disconnected from the online applications that I'm using.(Msn, skype, online games, etc.)And I'm running this program in the background to check what's going on.As you can see, everything is normal till I get 0 ping for a couple of times, then it immediately goes back to normal till it hits 0 ping again.It's very random, it happens on the 345th hop or 789th etc.I'm on a wi-fi connection but not using wireless modem.The cable's plugged to my computer.
View 14 Replies View RelatedIs there any other way to configure the checks using the hash value of an application instead of register key ??? I have read and confirmed that the hash value does not change never. Its the same value....But I did not find a way to configure the rule on the CAM.... ? By the way I am using Cisco NAC 4.8.2
View 3 Replies View Relatedwhen I connect to VPN with ASA 5510, can not connect to web applications in HTTP instead https in other applications are working properly. how can I fix this?
View 2 Replies View RelatedWe are having issues transferring a 200GB VHD file across our point to point without being corrupted in the process. Any good application for testing the line quality across the point to point?Preferably we want something free, but if there is an in depth tool that costs money, we are open to that option as well.
View 1 Replies View RelatedI've tried scanning for viruses, using winsock fix (they had a static ip I also set to automatic since they should not need it). I just turned off the firewall as well, tried "selective startup" and unchecked "load startup items" and nothing has worked so far. We're working on giving them another computer but I'd like to know why this happens.
View 7 Replies View RelatedI recently was instructed to block Facebook from a specific persons phone. I was able to block access to Facebook from the browser, but this person can still access Facebook via the mobile app. I have already placed m.facebook.com and facebook.com on the "no-go list" on my router, which like I said, specificaly blocks the browser on phone, but not the app. I can't seem to figure out how the app accesses the site and how to block it.I've already done some Googling, and read that port 9339 plays some kind of role. I don't know how true this is, but I tried it anyway, to no avail. I am not to savvy with ports so it could be my error.And before it is mentioned, this person cannot access cell data, as the phone does not get service, only WiFi.
View 12 Replies View RelatedI would like to allow another user to access my home server to be able to restart his teamspeak/ mine craft servers. I know game hosting companies can do it and would like to know how I can have him be able to restart them without remote desktop.
View 2 Replies View RelatedWe have a SPA-1XCHSTM1/OC3 installed in a SIP-200 in a 6509. There are approximately 50 T1's riding the OC3.
We have two applications that fail when run from two different remote sites riding T1's that ride the OC3.Both applications involve access to external Internet sites.One establishes a VPN to AT&T's network. The other connects to a credit card transaction service.
We've run the applications from our central site successfully which means their traffic goes through our firewall and our ISP.We replaced the T1 to one remote site with another that does not ride the OC3. Both applications work riding that new T1.
Cisco says there is no newer firmware for the SPA-1XCHSTM1/OC3 than what we are currently running: [code]We would prefer all our T1's come in through the OC3 but until we get a fix for the buggy OC3 that is not possible.
I just purchased and installed a RV220W router. I bought it specifically for the VPN capability. After successfully setting up the QuickVPN and connecting, I am confused about how to setup the router (if possible) so I can run applications remotely. Is this possible with the RV220W and if so, is there documentation to guide me in the right direction?
View 5 Replies View RelatedI was looking on YouTube to make my own server, the person said, "then go to Applications, Pinholes and DMZ click on it..." So I did it but did not see it what happened to it
View 1 Replies View RelatedCurrently, my work computer has (obviously) a local desktop. Also, we use a Remote Desktop for our shared network drive (our head office is on the other side of the country). The annoying thing is that if I am looking up a document on the share drive (Remote Desktop) and I want to work on it, the Remote Desktop applications are slow. So I'd rather work on it on my local desktop. However, I have to email it to myself, exit the Remote Desktop, retrieve it from my mail (in local desktop) and then save it
View 2 Replies View RelatedLENOVO G580 - i5,4gb ram, 500gb harddisk , network adapters- atheros ar8162 pcie- fast ethernet controller, broadcom 802.11n network adapter.i am using quickheal total secutity for a total antivirus protection.My problem is that whenever i connect my laptop using a d-link crossover cable to connect to my desktop the connection establishes successfully but on browsing or copying data the system gives a bsod error.initially i didn't got a clue as to what causes the error but then i figured out that uninstalling q-heal solves the problem an reintalling it again causes the same problem.ive tried using different versions/products of qiuckheal but all end up generating a blue screen error.not only this , whenever i use a software that has some thing to do with network like monitoring appliction wise bandwith or something it also ends up in bsod.
View 5 Replies View Related