ASA webvpn citrix support(8.0+)

Unanswered Question
Feb 14th, 2009

Ok, I am somewhat confused after going over some of the quicklearn modules for webvpn. I know that you can enable citrix support by using smart tunnels. However, the module, as well as other documentation implies that citrix can be supported w/o the need for forwarding/smart tunnels, simply by checking a "citrix" support box in the group policy option on the ASDM, or adding the citrix to the list of supported functions using the CLI. This checkbox does not appear present in ASDM 6+, and I am confused about how it functions w/o smart tunnels/port forwarding. Could someone clarify this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
owillins Thu, 02/19/2009 - 15:22

Web VPN is supported with Citrix, but only with Cisco VPN Concentrator Software version 4.7 and later. This release includes support for Citrix MetaFrame services through WebVPN. The VPN Concentrator functions as the Citrix secure gateway. However, you configure your Citrix web interface software in Normal Address mode. You must install an SSL certificate on the VPN Concentrator interface that the clients connect to using a fully-qualified domain name (FQDN). This function does not work if you specify an IP address as the common name (CN) for the SSL certificate. Select Configuration > User Management > Base Group/Group and go to the WebVPN tab to configure Citrix MetaFrame support.Select Administration > Certificate Management to configure the SSL certificate.The Citrix client attempts to use the FQDN to communicate with the VPN Concentrator. Your PC must be able to use the Domain Name System (DNS) or an entry in the System32\drivers\etc\hosts file to resolve the FQDN.

ryancolson Thu, 02/19/2009 - 15:35

I have seen a cisco doc that explains how to do it using an ASA with 7.x code. The commands seem a lil different in 8 tho.


This Discussion