Access Citrix-Terminalservices via WebVPN and Java-Client

Unanswered Question
Jul 12th, 2007


we set up a WebVPN on a CISCO 1812 router (IOS-Version 14.4(9)T) and want to access our Citrix PS 4.0 webfrontend to run a published application with the citrix-java-client.

Accessing the webfrontend, running the application with the activex-citrix-client functions properly, but trying to start the published application with the java-client results in an error message, that the presentation-server can't be found. Sometimes the JRE shows it's coffeecup, but after a few minutes there is only an empty window with a red cross.

I read that it's important that the CN-entry of the certificate represents the fqdn of the VPN-Gateway. But that's guaranteed.

Further I imported the certificate to the "trusted rootcertificate memory" of the internet explorer and imported it with the "keytool.exe" to the certificate memory of the JRE.

The option "SSL/TLS" at the the citrix client-allocation is activted too.

The newest version of the JRE is installed.

Does anybody have this constellation running in a productive environment?

Output of sh run:

crypto pki trustpoint test-trust

enrollment selfsigned

serial-number none

fqdn my-fqdn

ip-address none

subject-name CN=my-fqdn

revocation-check crl

rsakeypair test-trust

webvpn gateway webvpn

hostname test-citrixfarm

ip address XXXXXXXXX port 443

http-redirect port 80

ssl encryption 3des-sha1

ssl trustpoint test-trust


webvpn context webvpn

title "Our-WebVPN"

ssl encryption 3des-sha1

ssl trustpoint test-trust

ssl authenticate verify all


url-list "Our-Websites"

heading "Testservers Testlab"

url-text "Test-Citrixfarm" url-value "http://ip-adresse-internal-LAN"

policy group pol1

url-list "Our-Websites"

nbns-list "NBNSServers"

functions file-access

functions file-browse

functions file-entry


citrix enabled

default-group-policy pol1

gateway webvpn

max-users 2


Thanx for your help.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Wed, 07/18/2007 - 12:23

In the C:\inetpub\wwwroot\citrix\metaframe\conf directory, edit the default.ica file and add the line [SSLEnable=On]

in the Application Section - right above the line that says [EncRC5-0]:

niedax_edv Wed, 07/18/2007 - 23:43

Thanks for your answer, but I get the same result: Only the red-cross.


This Discussion