03-25-2009 11:53 AM
I need to config my ace, to do both SSL offload, as well as Load Balancing for a pair of Citrix Secure Gateways.
The issue I'm running into, is I'm able to get the CSG website to load properly with SSL Offload, however, when the Client starts a Citrix Session, the Certificate transfer fails, and I'm unable to launch the Citrix Session.
03-26-2009 01:18 AM
I do not know the application.
Are you doing client authentication on the CSS ?
Does it fail because the CSS rejects the client certificate ?
Is the certificate to be sent to the citrix server ?
I would suggest to capture traces with and without the CSS so we can compare.
Gilles
03-26-2009 07:53 AM
I'm not using the CSS.
I'm using the Cisco Application Control Engine(ACE), version 3.0(0)A1(6.3b).
CSG = Citrix Secure Gateway.
After a user logs into the website (the ace isn't dealing with client auth, this is the job of the CSG server), and a user attempts to launch a Citrix Session, the Citrix Client errors out, giving a cert error, or a citrix server unavailable error.
I believe the CSG is passing a new certificate to the Citrix Client(new meaning a different cert than is used to load the website), but the ACE is confusing the Citrix Client somehow.
The captures I've done shows a 'TCP Checksum Incorrect' right after the "Change Cypher Spec, and Encrypted Handshake Message.
07-20-2009 12:39 PM
Did you find a resolution on this? I am having the same issue with CSG servers.
07-21-2009 03:27 AM
Hi,
Not sure if this is relevant - it is about SSL offload to a Netscaler rather than an ACE, but the principles should be the same.
http://www.jaytomlin.com/blog/2006/07/can_netscaler_perform_ssl_offl_1.html
Effectively you need to tell the CSG not to expect SSL on its three virtual servers.
HTH
Cathy
07-22-2009 01:22 PM
No.
The solution is to leave the cert on the CSG's and not do SSL Offload. as far as I can see.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide