let's see if somebody has the solution for this....
I have a PIX 515 and I am trying to get a Citrix metaframe XPs server to work behind the firewall.. I only use HTTP and HTTPS as the connection ports... and the server is located on the DMZ
right now whenever a client tries to connect, MF tries to open the static IP associated to that server.... and it does not work... so I tried adding an alias (dmz) command to override that... but to no avail.. I can see that the application stills tries to open the external IP X.X.X.41. I tried accessing the HTTP server in the MF server from another machine in the DMZ.. and I can access the server using the FQDN but not the external IP address X.X.X.41, my conclusion is that the alias command is not what I need.... I need a command in the cisco router that tells the router that whenever a request for X.X.X.41 is coming from the DMZ it should be redirected back to the MF server 192.168.2.15.... anybody know how to do this?
The alias command is not what you need, the "static" command you already have is mapping connections from x.x.x.41 to 192.168.2.15 on the DMZ.
The trouble you're seeing is how metaframe works, when a client connects, the server sends back a .ica file which contains the IP address for the client to connect to. This IP address is the IP address of the server, which in your case is 192.168.2.15. There's no way the PIX can change the IP address in this file, and the client will try and connect to that address.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...