Jump to content
Welcome to our new Citrix community!

Clientless access to internal web server


Recommended Posts

Hi All,

 

I have read a lot of articles but am still a little confused as to the steps required to allow external clientless access to a web server on our internal network.

 

I am experimenting with a backup NetScaler VPX (11.1) that is currently used for external access to XenDesktop.  This Netscaler already has LDAP and RADIUS configured and working.

 

So far I have done the following:

 

1) Created a new Gateway Virtual Server with new IP address accessible externally and bound the relevant server cert and LDAP and RADIUS policies to it.

 

I have configured a Published Application with 1 x url specified which is the url for the internal web server.  I have also created and bound a Session Policy & Session Profile with Client Experience set to Clientless Access = On and Client Choices set to enabled.  In addition to this the Default Authorization Action is set to ALLOW and override global under Security.  This configuration does seem to work i.e. I can authenticate and am directed to a client choices page where after selecting Clientless Access, I see the website I wish to access listed under Enterprise websites.

 

There are however a couple of issues with this method 1) Users are presented with the choices page where they have to select either client of clientless access before then seeing the Enterprise access website link.  If I turn Client choices off then I see a http/1.1 internal server error 43531 error after authenticating.

 

2) The default authorization action is set to allow and I don't think this is good practice.

 

Instead of the above, it was suggested that I create a Load Balancing Virtual server and add form based authentication and set 'NetScaler Gateway Virtual Server' in Choose Virtual Server Type and specify the new NetScaler Gateway virtual server I created earlier in the 'NetScaler Gateway Virtual Server'.  The NetScaler does not allow me to set this as it is also complaining that an authorisation server is missing.

 

Any suggestion on the best way to achieve this would be great.

 

Thank you.

 

 

 

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...