Jump to content


Photo

iPhone receiver no SSL no Gateway

Started by Joe Church , 18 August 2010 - 08:28 PM
10 replies to this topic

Joe Church Members

Joe Church
  • 38 posts

Posted 18 August 2010 - 08:28 PM

I have a Citrix server running XenApp 6, with two network interfaces. One of the interfaces is connected to our private internal production network. The second interface is connected to the optional interface on our Watchguard firebox and setup in a DMZ LAN. On our firewall we have a public IP configured to NAT the public IP to the DMZ LAN IP that the Citrix server is using.

I've setup an altaddr entry for the DMZ LAN IP to use the public IP as the alternate. I've added direct entries for the internal production IP address. I am able to launch apps from any PC internally or externally over both interfaces.

What is NOT working is iPhone functionality using Citrix Receiver. We do NOT want to use the Secure gateway product as this is mainly a test configuration. I have read through the documentation searched the forums and found similar threads, but what is different in our sitaution is we are using a DMZ LAN with port forwarding, and most of the forum posts and documentation I've seen indicate that most people are using a publically exposed network interface directly on the citrix server. In our case the public IP is not physically being used on the Citrix server, its just a NAT.

Any ideas on how we can get iPhone support for Citrix Receiver in this kind of configuration? I've been trying various configurations all day and nothing I try will get it working.



Joe Church Members

Joe Church
  • 38 posts

Posted 19 August 2010 - 01:21 PM

I think I managed to get some mixed results, the configuration I mentioned did work over Wifi but very sporadically over 3G on the iPhone. I think data coverage issues were causing connectivity problems. But I am now able to launch applications over wifi and from remote locations using the online plugin.

The config we are using right now that seems to work for us is to use the "Translated" method in the PNAgent site for the default connection. We added a direct entry for our internal production Lan IP. In the PNAgent site config, we set to "Translated" and added the port mapping entries as "user device".



Scott McDonald Citrix Employees

Scott McDonald
  • 1,837 posts

Posted 19 August 2010 - 07:34 PM

Joe, using "Default=Alternatte" and a setting wehre your internal range=Direct may also work.



Joe Church Members

Joe Church
  • 38 posts

Posted 31 August 2010 - 08:41 PM

I ended up calling support and paying a per incident fee for the call regarding this configuration. I was told that using the PNAgent site without secure gateway or access gateway was NOT supported and should not work. I got it to work on a single server, but had issues with the configuration when using a two server configuration. The lady I talked to was not very happy with me, but ultimately I managed to explain that this was the reason for my call to find out what kind of configuration I needed to make it work. After being told we would not be supported in the configuration we were trying to test, we ended up setting up secure gateway, and had a very confusing time trying to figure out which settings to use on which server for the secure access configuration. Finally we got it working, but now we have issues with the SSL certificate we got not being trusted automatically by all devices. I would have thought Network Solutions would be trusted by everything, but its only in the default keystore on 50% of the Windows PCs I look at and its not on Android devices. Sigh....



Scott McDonald Citrix Employees

Scott McDonald
  • 1,837 posts

Posted 01 September 2010 - 03:35 PM

Joe, I sent a private message to you, I'd like to go over your configuration in a bit more detail.



Joaquin Avellan Members

Joaquin Avellan
  • 4 posts

Posted 22 October 2010 - 09:29 PM

I'm doing something very similar and saw my configuration was not supported on the app. Crossing my fingers support comes along with a update. It's a shame I need to connect to VPN on my iPhone to use it.
-ja

Edited by: Joaquin Avellan on Oct 22, 2010 5:36 PM



Scott McDonald Citrix Employees

Scott McDonald
  • 1,837 posts

Posted 25 October 2010 - 02:28 PM

Joaquin, what is your configuration?

The iPhone can connect via alternate address, a direct address or one of our Gateway products.



Emboltorio Jahn Ray Members

Emboltorio Jahn Ray
  • 11 posts

Posted 27 January 2011 - 02:11 AM

Hello Scott,

I had XenDesktop Environment currently running without any problems. My set up was CSG from DMZ and WI inside LAN. Where running XenDesktop 5 with WI 5.4.

Now i would like to connect via iphone 3gs and we've already installed the citrix reciever on the iphone. I also configure a new site in XenApp Services via pnagent for iphone access.

However, i seem can't connect to the pnagent site i created for iphone. The pnagent site configuration is almost the same as the Desktop site i created for desktop clients. All Direct Gateway and only iphone access is not working.

Since im using CSG, can help me what is the correct configuration for the Citrix Reciever?

Thank you...



Scott McDonald Citrix Employees

Scott McDonald
  • 1,837 posts

Posted 28 January 2011 - 06:06 PM

The configuration should be simply https://fqdn/ no Access Gateway.
there should not be any additional information needed except credentials.



James McDonald Members
  • #10

James McDonald
  • 20 posts

Posted 15 June 2011 - 02:57 PM

Is it possible to setup the iPhone receiver directly without a Gateway and without an SSL certificate installed?



Scott McDonald Citrix Employees
  • #11

Scott McDonald
  • 1,837 posts

Posted 15 June 2011 - 07:26 PM

Yes, use http to the web site and make sure that there is a route on port 1494 to the XenApp servers. This is not recommended for Internet access as your credentials will be sent plain text.