Asa 5510 citrix webvpn upgrade 8.0(4) from 7.22

rtames · ‎11-27-2008

After we upgraded the asa 5510 from version 7.22 to version 8.0(4) we aren't able to use citrix applictions thru a webvpn connection. We can login to our citrix web interface server thru webvpn login on the webinterface but then when someone clicks an application from citrix

it gives the error "connection in progress" it never comes with the application. Does anyone konw how to solve this?

kind regards

robebrt

dcarlton · ‎12-01-2008

Use a smarttunnel for the clientless policy and auto start it. Then add these two programs to the smart tunnel list:

wfica32.exe

wfcrun32.exe

Because it's a smart tunnel you will also want to secure it with a web acl to prevent access beyo9nd your citrix servers..

rtames · ‎12-02-2008

Hi,

thanks for your reply.

I created a smarttunnel and placed the two programs in it. But unfortunately I still get the same message.

any other ideas?

robbert

dcarlton · ‎12-02-2008

It sounds like the smart tunnel did not launch. In the bookmark for your citrix server did you enable the smart tunnel option?

In the group policy did you assign the smart tunnel list.

The URL at the top of the browser will tell if the smart tunnel launched. It will point directly to the citrix server and not to the ASA's outsides ip address.

rtames · ‎12-02-2008

I think I found out what the problem is; I set the homepage URL of the groupolicy to our internal Intranet (sharepoint) on this server i installed the webinterface for sharepoint server 2007 so the applications of the logged in user will automaticly be visible for him and with one click the application should start. This has worked with cisco asa version 7.22 but not anymore with 8.04. I now disabled the homepage url so when I log in I get the standard cisco asa homepage with the bookmarks on it, this way I can login to citrix. Is there anyway i can get the bookmarks on my own intranet website or even better can i get the old way thru Sharepoint running again?

kind regards

robbert

dcarlton · ‎12-02-2008

Create an html file with these commands:

Where sharepoint is your internal url to your server. Import this file in the web contents section accessible only when authenticated.

On the customization for your portal page, add a custom pane that is html and add this html file in the url line. It would look something like this:

/+CSCOE+/launchsharept.htm

Then make sure Autostart is enabled for Smart Tunnels on your group policy. When the portal page loades it will redirect to your Sharepoint server but this time it will be in a smarttunnel.

rtames · ‎12-02-2008

this is going in the right direction!

now it will try to open our Intranetwebpage but now it asks me to login to the sharepoint website. while normally it uses Single sign on, so when I login to the webvpn it automaticly knows my credentials for the intranet website. Do you also know here a solution for?

dcarlton · ‎12-02-2008

In the group policy, portal tab under the smart tunnel section there is a place to add a smart tunnel single sign on list. You need to be running 8.04 for this feature and the latest asdm.

rtames · ‎12-02-2008

I placed the sharepoint-server in that list but unfortunately that doensn't work. At the top of the page I can put in a SSO server, but we don't have that, is a SSO server needed for this to work with the smarttunnel?