Citrix Remote Access via CAG..

Malt_Vinegar

Malt_Vinegar

Malt_Vinegar

Don
Joined
20 Oct 2002
Posts
17,048
Location
In a house
Really been banging my head against a brick wall on this and could do with some help.
I have setup VDI in a Box from Citrix (cut down Xendesktop essentially) and am attempting to allow access to this remotely through the the net.
I have setup the required port forwarding (i think!) through the router, and can access the site without issue.
Internally the system works fine, but when accessing remotely, it falls with a 1030 error on attempting to launch the desktop. I think this is possibly due to the VDI in a box passing an internal IP to the outside connection?
However, I thought that by adding the CAG it would resolve this issue.

Any ideas?
 
That looks to me like the whole idea would be 10x simpler if you used VPN to access it 'locally', from afar. Seeings as this works already internally.
 
Now, we are talking :D Thanks.

I was using a default certificate and managed to miss that article. I think because I was only looking at VDI in a Box support articles, forgetting that the CAG is really designed for Xenapp/Xendesktop.

Will see if I can get that sorted.
 
Malt_Vinegar said:
Whilst I agree in principle, this defeats the point of anytime/anywhere access as it stops the use of Zero clients, and mobile devices.
Click to expand...

Pretty much all android smartphones support VPN? Pretty sure iPhones and iPads do too. Windows 7 does as well all built in.
Once configured (which is very simple to do) it's just an on/off button.

Having things openly accessible from the web using port forwarding outside of a proper DMZ is risky, if that includes a virtual desktop that allows a user to interact with the machine behind the firewall it basically makes the firewall completely redundant.
 
Skidilliplop said:
Pretty much all android smartphones support VPN? Pretty sure iPhones and iPads do too. Windows 7 does as well all built in.
Once configured (which is very simple to do) it's just an on/off button.

Having things openly accessible from the web using port forwarding outside of a proper DMZ is risky, if that includes a virtual desktop that allows a user to interact with the machine behind the firewall it basically makes the firewall completely redundant.
Click to expand...

The idea of CAG is that it is essentially an SSL VPN solution inside a nice user-friendly Citrix wrapper.

No different to having an ASA deployment presenting AnyConnect really.
 
Have a look on the Kaviza/citrix website as their are docs for setting up a VPX with Vdi in a box. Works great when it's working.
 
how are you getting on with this? i work with cag on the netscalers and had to set it up from scratch, if you're still having problems i might be able to help. i remember the certificate side of things being a royal pita to setup, got it all working perfectly in the end though! :)
 
You must log in or register to reply here.
Back
Top Bottom