Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2882
Views
0
Helpful
5
Replies

ASA Smart Tunnels and Citrix

raun.williams
Level 3
Level 3

‎03-03-2008 08:04 AM

I'm trying get the Smart Tunnels set up on our ASA, but there seems to be a serious lack of documentation. I did find a little bit in the 8.0 configuration guide, but that's about it. Basically, I've created the application list of the names. First we went with the path as described in the documenation; pn.exe and that's it but then i also tried the full path as well:

smart-tunnel list "CitrixW32-ProgramNeighborhood" "wfica32" "c:\Program Files\Citrix\ICA Client\wfica32.exe"

smart-tunnel list "CitrixW32-ProgramNeighborhood" "wfcrun32" "c:\Program Files\Citrix\ICA Client\wfcrun32.exe"

smart-tunnel list "CitrixW32-ProgramNeighborhood" "Citrix_PN" "c:\Program Files\Citrix\ICA Client\pn.exe"

smart-tunnel list "CitrixW32-ProgramNeighborhood" "wfica" "c:\Program Files\Citrix\ICA Client\wfica.exe"

smart-tunnel list "CitrixW32-ProgramNeighborhood" "wfcrun" "c:\Program Files\Citrix\ICA Client\wfcrun.exe"

I then attempted to apply the list to our group policy, which apparently doesn't work well in ASDM considering you apply it and then it doesn't show up in ASDM as applied, but here it is in CLI:

webvpn

url-list value WebVPN-Basic

filter none

port-forward disable

http-proxy disable

sso-server none

customization value FHS

http-comp none

hidden-shares none

smart-tunnel auto-start CitrixW32-ProgramNeighborhood

Now I'm guessing that's all that is needed?!!?! I setup Program Neighborhood agent to point towards the citrix server as usual, logged into webvpn and launched a basic Citrix Session that should goto a desktop as no application is specifed but I recieve an I/O error on the Program Neighborhood side as if something is being blocked. Any ideas?

Thanks,

Raun

Labels:
0 Helpful
5 Replies 5

irisrios
Level 6
Level 6

‎03-10-2008 07:15 AM

There are certain restrictions when considering implementation of Smart Tunnels. Refer to URL http://cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/vpn_web.html#wp1073306 for more information.

0 Helpful

raun.williams
Level 3
Level 3
In response to irisrios

‎03-10-2008 08:12 AM

Thank you, but as mentioned I did find what little information there was in the configuration guide.

0 Helpful

arni.v.skarphedinsson
Level 1
Level 1
In response to raun.williams

‎09-24-2008 08:31 AM

Hi

did you ever get this working, I am looking at a similar setup.

Thanks

Arni

0 Helpful

harrjd222
Level 1
Level 1
In response to arni.v.skarphedinsson

‎09-24-2008 10:36 AM

try this

Preview file
3586 KB
0 Helpful

arni.v.skarphedinsson
Level 1
Level 1
In response to harrjd222

‎09-26-2008 02:26 AM

Just an update that I got this working

used the same info as in the orginal post for the Smart Tunnels, but did not use the full path of the programs, just the name xyz.exe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents