Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IOS WebVPN Citrix problem (error opening ICA file)

Hi All,

I have setup a 1841 Router with WebVPN, behind a 837 internet router. I have natted through port 443.

I have a Citrix server in side and am publishing it through the WebVpn.

I can connect to the Web Interface but can not launch applications. If I use the activeX component nothing happens at all. If I use the Java client I get an error "Error opening ICa file" "The address of an application server must be specified"

I have internally created certificates installed on the router and the root certificate installed as trusted in IE and Java.

There is an error logging on the 1841 each time I try to launch an application.

Jun 22 05:02:08.246: %TCP-2-INVALIDTCB: Invalid TCB pointer: 0x63A24534 -Process= "SSLVPN_PROCESS", ipl=

0, pid= 120 -Traceback= 0x60AD545C 0x61180F74 0x6117E9B8 0x61BBD2C4 0x61BBAB20 0x61BBB104 0x61BBEDD8 0x61

BCDA0C

Here is the running config without the real names or IPs.

Thanks for any suggestons. I have spent ages on this so far.

-----------------------------

bob#s run

Building configuration...

Current configuration : 8679 bytes

!

! Last configuration change at 15:03:08 NZST Thu Jun 22 2006

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname bob

!

boot-start-marker

boot-end-marker

!

no logging buffered

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authorization exec default local

!

aaa session-id common

!

resource policy

!

clock timezone NZST 12

clock summer-time NZDT recurring 1 Sun Oct 2:00 last Sun Mar 2:00

ip cef

!

!

!

!

ip domain name mytestwebvpn4.co.nz

ip name-server 10.73.220.4

!

!

crypto pki trustpoint TP-self-signed-117527664

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-117527664

revocation-check none

rsakeypair TP-self-signed-117527664

!

crypto pki trustpoint mytestwebvpn4.org.nz

enrollment terminal

serial-number

fqdn bob.mytestwebvpn4.co.nz

ip-address FastEthernet0/0

password

subject-name OU=MY_OU, CN=bob.mytestwebvpn4.co.nz, C=NZ

revocation-check crl

rsakeypair SDM-RSAKey-1150934803000

!

!

crypto pki certificate chain TP-self-signed-117527664

certificate self-signed 01

D8AC05A8 6B2F9945 3E

quit

crypto pki certificate chain mytestwebvpn4.org.nz

certificate 61C2A6A000000000000F

8C4E7AB

quit

certificate ca 2F2FAD22B439B28F4BDB0CF2978A5E85

DDEBC0 99175B8C FCD38DF6 E586759C

6C5FA52A B3F7DF

quit

!

!

interface FastEthernet0/0

ip address 192.168.193.222 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.73.220.248 255.255.255.0

duplex auto

speed auto

!

ip route 0.0.0.0 0.0.0.0 192.168.193.1

!

!

ip http server

ip http secure-server

!

access-list 101 remark Outside access list inbound traffic

access-list 101 permit tcp any host 192.168.193.222 eq 443

access-list 101 deny ip any any log

!

!

!

!

scheduler allocate 20000 1000

!

webvpn gateway sample_1

ip address 192.168.193.222 port 443

ssl trustpoint mytestwebvpn4.org.nz

inservice

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

!

webvpn context test_1

title "Test Web VPN"

title-color #669999

secondary-color white

text-color black

ssl authenticate verify all

!

url-list "Printer"

heading "HTTP Printer"

url-text "HP Printer" url-value "http://10.73.220.38"

!

url-list "SDMCitrixServerList2"

heading "My Citrix farm"

url-text "server2" url-value "http://10.73.220.71/Citrix/MetaFrame/auth/login.aspx"

!

login-message "You must be authorised to access this network."

!

policy group NUTS01_RDP

url-list "Printer"

url-list "SDMCitrixServerList2"

hide-url-bar

citrix enabled

default-group-policy NUTS01_RDP

aaa authentication list default

gateway sample_1

inservice

!

end

bob#

1 REPLY
Silver

Re: IOS WebVPN Citrix problem (error opening ICA file)

Java client is not configured properly,because of that the error appears

866
Views
0
Helpful
1
Replies