[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Problems with ICA-client, Securemote and NAT.
Hi all, I need some expert help on this. Nokia Ipso 3.2.1 with FW-1 v 4.1 SP.2 I have a configuration where I want securemote users to acces my internal Citrix server. The Citrix server has a static address translation. When I connect to the Citrix-server without using securemote, everything works fine so the static routing and proxy arp must be configured correctly. When I use the securemote client I can't get through to the server. I can see in the logviewer that I get an Authcrypt, a Key Install and then a decrypt. Source and Destination are the external addresses. In Xlatedest. it is the correct internal adresses. The problem is that I can't see any return traffic from my citrix server to the securemote client in the logfile.' But when I use tcpdump on the fw internal interface, I can see the clients external address try to connect to the citrix server internal address, and that the citrix server tries to respond to the external client IP-address. Is this correct, and if it is, why can't I see it in the logfile ?? I have included the citrix server external address in the encryption domain. I have also tried to disable anti_spoofing, with no luck. My securemote rule is after the stealth rule. Has that anything to say ?? Thanks for your help...- Christian H. Jensen .................................................................................. eSec A/S - Managed Security http://www.esec.dk Telefon: +45 7020 5585 Direkte: +45 4450 2073 Mobil: +45 20192510 ..................................................................................
|