dburton33_22315
Oct 05, 2015

XenApp iApp ICA Proxy not working (I think)

Hi everyone,

 

First time poster, so please excuse my ignorance and any incorrect turns of phrase.

 

I've got a small XA76 Dev environment running with a StoreFront server and have downloaded/installed the f5.citrix_vdi.v2.2.0 iApp on our dev LTM. It looked good initially: I was able to connect through the F5 to my StoreFront server, but the ICA client is trying to establish a connection to the ICA servers via the server IPs directly, rather than proxying ICA connections via the VIP they use to connect to StoreFront.

 

I've specified "BIG-IP system acts as gateway" in the ICA Traffic section, instructed it to use 2598, but haven't successfully configured all connection traffic to proxy through a single IP to all ICA servers.

 

Am I doing something wrong, or have I misunderstood the capabilities of the iApp?

 

6 Replies

  • You need the APM module licensed and provisioned to perform ICA proxying functionality. If you don't have it licensed/provisioned, you won't see this question:

     

    Use APM to securely proxy application (ICA) traffic and authenticate users into your Citrix environment?

     

    That answer controls whether setup implements ICA proxy or not.

     

  • Thanks Michael,

     

    I'm still not certain I understand. I thought the APM module was there to provide an access method that bypasses StoreFront, and tells the LTM to contact the XA XML broker directly.

     

    I do see the option to "Use APM to securely proxy application traffic and authenticate users into your Citrix environment", so it looks like we're licensed. But I'm not sure that's what I want. I wanted to configure the LTM to provide proxy access to StoreFront for authentication and app presentation, then to proxy ICA traffic back through that same interface. Does that need the APM?

     

  • In fact, when I select "Use APM to securely..." then the "ICA Traffic" subsection of the form disappears. That is where I select "BIG-IP system acts as a gateway (router) to the ICA server network", configure to use port 2598 and select my ICA server subnet, which appeared to be where I was setting up the ICA gateway.

     

  • Did you by chance read the accompanying deployment guide? https://www.f5.com/pdf/deployment-guides/citrix-vdi-iapp-dg.pdf

     

    It talks extensively about all the questions and options of the iApp. Look at page 27 where it talks about the context of the question regarding using BIG-IP as the gateway. Or are you saying that you want to have your XenApp servers use BIG-IP as default gateway AND act as ICA proxy?

     

  • Thanks Michael,

     

    I've configured the iApp so that it's successfully proxying StoreFront to a different VLAN, applying a certificate, and authenticating logons. However, the ICA client is attempting to contact the ICA server directly, not via the F5 StoreFront Virtual Server. Can you explain what I need to change so that the clients can all use that same Virtual Server IP?

     

  • Did you answer Yes to the question about Using APM for Secure ICA Proxy? It's documented on page 8 of the guide. If you answered Yes to that question, then you should be working.