请教下高手CITRIX连接问题

lyh88925

环境是 一台跑CITRIX 5.0的服务器网关指向一台PC，PC通过拨号上网，在PC上开启了端口映射80和1494.DMZ里面设置的是TRANSPORT模式，用了域名解析。远地客户端通过WEB连接应用时，出现no route 的提示
  请教这种环境DMZ该怎么设置    不甚感激

jjee

除了路由器设置DMZ或NAT外，XENAPP控制台需要配置外网访问方式。用记事本打开launch.ica看看主机IP是不是为XENAPP5服务器内网IP，是则外网肯定无法访问服务器。

[ 本帖最后由 jjee 于 2009-11-17 22:42 编辑 ]

lyh88925

没有使用路由器，PC做的内网网关，在Webinterface里面设置了translated模式，里面有6个选项。这种环境选哪种合适

YUEN

貌似还需要映射那个什么XX94、XX95端口，，忘记了

jjee

配置wi的外网访问（标准教程）
Alternate address configuration implementation with web interface is two step procedures.
# O, ]+ ^% r% i4 V9 \& bHear alternate address should be configured in Citrix and not on network adapter. I would assume you have configured it on network adapter.
Let's understand how to do it.
  ~: E. @- u% |: k$ q' [! a

Step 1 : Use below command for all application servers that are required to be available on outside subnet.
步骤1：使用以下命令用于所有要求外网有效的应用程序服务器上。
" I1 w- _: a* k0 c
8 \9 r7 I# q) w" p. I: I# uALTADDR /SERVER:HostName /SET X.X.X.X /V
8 B1 k: u8 ]/ g/ a& Q0 K' b! k6 EWhere,
这里，
0 j* b% X+ w4 J* l7 {6 iHostName = Citrix Application Server HostName
1 |6 ]& @8 `6 n6 A' W' X3 E主机名=思杰应用服务器主机名
3 W! J1 q) s  G+ K/ IIn X.X.X.X = Alternate ip address for hostname specified.
7 W5 k3 l0 d2 t# L& I% u0 O在X.X.X.X =为主机名指定交替IP地址
For my 32 bit subnet based alternate ip configuration, command were something like this.
& r3 \* w% J9 j0 D9 q$ h因为32位子网基于交替IP配置，命令如下。
& `. p* p# Z# M0 c/ i5 }ALTADDR /SERVER:ExampleServer1 /SET 172.16.190.37 /V
4 T5 H" R) N' p6 r* Z" iALTADDR /SERVER:ExampleServer2 /SET 172.16.190.38 /V
Where,
这里，
ExampleServer1 & 2 = Name of my CitrixApplicationServer
3 a' d8 U4 ^+ |  k8 z4 V172.16.190.X = are alternate IP address for respective Citrix Application Server.
2 C" M* B7 B# _ExampleServer1 & 2 =思杰应用服务器名称
7 s( {6 C4 L. s5 e172.16.190.X =是给每个思杰应用服务器的交替IP地址
( q' K, y8 g8 [: v; d: q4 B4 R" ANATing was to translate Client's public ip to 172.16.190.X ip address.
NAT用于转换客户公网IP到172.16.190.X IP地址。
; L7 s8 O; J# Y/ F$ _- x5 |
( V$ [( V& v* E% gStep 2 : Create/re-configure webinterface website and enable alternate addressing.
For new website.
% @  `. c, [% Y1) Open Access Management Console.
2) Select Web Interface Node
( t  p4 U. o5 g! ]6 z+ c3) Click on "Manage secure client access - >Edit DMZ settings" under common tasks.
+ }- C4 M: q# T$ J. F; g4) For Default Client and set Access method "Alternate" for default client.
9 G2 s4 R2 n. B2 n$ H步骤2：创建/重新配置WEB界面网站并非启动alternate交替地址功能。
" q% ^7 n+ ?# O0 Y1 G# X' X, \用于新网站。
1）启动“Access Management Console”。
! r9 C. e% n# |7 ?3 @2）选定“Web Interface”节点。
3）点击”common tasks“下面的“Web Interface - > Edit DMZ settings”。
4）“default client”“Access method”设置为"Alternate" 。

or re-Configure existing by alternate addressing to specified client IP range.
4 c' s$ Y) o/ ^* M( U+ i. _2 M, c
: B4 D- C" n. p- a+ W1) Open Access Management Console.
2) Select Web Interface Node
( R& n/ I& Y0 |% H3) Click on "Manage secure client access - >Edit DMZ settings" under common tasks.
6 m9 H  Z( M2 Y4) Click on Add button and specify Client IP X.X.X.X and set Access method "Alternate".
或者重新配置原有设置，通过“alternate”轮换地址到指定的客户IP地址范围。
1）启动“Access Management Console”。
4 ]+ y- P2 `5 x8 Z! G2）选定“Web Interface”节点。
3）点击”common tasks“下面的“Web Interface - > Edit DMZ settings”。
4 j5 x) I8 ?8 |7 \* V1 g0 M4）点击“ADD”新增按钮来指定客户IP地址X.X.X.X，并设置“Access method”访问方式为"Alternate"。
Now website will understand that if client IP is X.X.X.X, it should respond with alternate address of application server and not with primary ip address.
现在网站自己清楚,如果客户端IP是X.X.X.X,它必须响应“alternate”交替地址而不是主IP地址。
' G# Q# O6 r, H
==================================================================================================================
XenApp5 for Windows 2003 实验记录
实验环境：
路由器：Dynamic IP/WAN 192.168.0.254/LAN 1494/TCP 80/TCP
公网域名:JJEE.3322.ORG
内部子网：192.168.0.0/24
" \$ p, `" |- X$ Y% u3 O( {XenApp应用服务器IP:192.168.0.1
3 |- e3 X2 ?. m! z3 f4 E操作步骤如下：
1、CMD>ALTADDR /JJEE.3322.ORG
! a9 a+ R! O; t" i8 @8 {2、Manage secure client access - >XenApp节点- > Manager Secure Access:
SpecifyAccessMethods:(192.168.0.0/24=Direct;Default=Translated)
SpecifyAddressTranslations:- >Client device route translation(Client device/192.168.0.1:1494/jjee.3322.org:1494)
测试成功！
备注：(telnet 192.168.0.1 1494 检测XenApp服务是否开启1494端口)

PNAgent连接配置：(开启1494端口)
0 p! n0 T3 E) `. h1 cManage secure client access - >PNAgent节点- > Manager Secure Access:
3 M8 I; U, C5 W9 F/ n" gSpecifyAccessMethods:(192.168.0.0/24=Direct;Default=Translated)
SpecifyAddressTranslations:- >Client device route translation(Client device/192.168.0.1:1494/jjee.3322.org:1494)
; @. K  j9 D( ^& f7 r测试成功！
1 o9 {3 K. @# w# K
2 z$ T$ j6 _+ h. }. |  _9 O: t==================================================================================================================
: Z' f9 _2 @* X: y7 t' |% cALTADDR [/SERVER: servername] [/SET AlternateAddress] [/V]
3 P. u# |) W! x# L+ BALTADDR [/SERVER: servername] [/SET AdapterAddress AlternateAddress] [/V]
/ }8 F% ^# w0 w) B% D. vALTADDR [/SERVER: servername] [/DELETE [AdapterAddress]] [/V]
( ]; _1 R* W% t& B. S8 |* g( [! s
Query or set alternate network addresses for an application server
The alternate address is an external address known to clients outside
a firewall.

- R' f* b$ K2 X! s- D7 r: ]Options:
; n; o* q& E1 R" ` [/SERVER:name]               - configure the specified server
[/SET]                       - set alternate TCP/IP addresses
1 ]9 M9 a, p2 [6 v [/DELETE [adapteraddress]]   - delete the default or specified adapter address
[/V]                         - verbose display mode
[/?]                         - display help message

1 H+ G$ Y  o+ I7 Y) ?9 c- CWhen setting alternate addresses, specify a single IP address to
indicate the alternate IP address used by default for all adapters
, _8 M. w( T3 }. _on the system, or specify a pair of IP addresses that indicate a
particular local IP address and its corresponding alternate address.