How to Build a Citrix Access Gateway in a VM
If you're a Citrix shop, then it is likely that you either are or will eventually be a Citrix Access Gateway shop (at least, if your Citrix infrastructure is connected to the Internet). Citrix Access Gateway (CAG) is the hardware-based SSL VPN appliance Citrix released a few years ago as a replacement for the software-based Citrix Secure Gateway product that ran on top of a Windows O/S.
The CAG is a pretty neat piece of equipment, but unlike the software-based Secure Gateway, it comes with a cost. If you want to test the system, or learn it while studying for your CCEA certification, having a test CAG means buying another one.
Or you can spoof one in a virtual machine environment. I found an interesting thread on VMware's web site that discussed exactly how to build one...
This information comes from the thread at http://www.vmware.com/community/message.jspa?messageID=305671. Compliments to "tallmantim", who documented this procedure.
You need:
* VMware Workstation 5.5
* A VM license (they give you a 30 day trial when you download it)
* The CAG 4.2 install CD or ISO (from mycitrix)
* vmwaregateway from http://l4ka.org/tools/vmwaregateway.php
* About 2GB free disk space
Here is how it works:
1. New Virtual Machine
2. Custom
3. New-Workstation 5
4. Other - other
5. a few easy steps
6. Use host only network
7. create a new virtual disk
8. IDE (Recommended)
9. 40 gig and Allocate all disk space now
10. Finish
The vmx file should then look like this:
******************************************************
config.version = "8"
virtualHW.version = "4"
scsi0.present = "TRUE"
memsize = "512"
MemAllowAutoScaleDown = "FALSE"
ide0:0.present = "TRUE"
# The file name below should be whatever you've called the VM.
ide0:0.fileName = "Citrix AG.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "auto detect"
ide1:0.deviceType = "cdrom-raw"
floppy0.present = "FALSE"
ethernet0.present = "TRUE"
# Use whatever networking is appropriate: "bridged", "hostonly" or "nat".
ethernet0.connectionType = "bridged"
ethernet0.virtualDev = "e1000"
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:1c:23:9a"
ethernet0.generatedAddressOffset = "0"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.virtualDev = "e1000"
ethernet1.addressType = "generated"
ethernet1.generatedAddress = "00:0c:29:1c:23:a4"
ethernet1.generatedAddressOffset = "10"
sound.present = "TRUE"
sound.virtualDev = "es1371"
sound.fileName = "-1"
sound.autodetect = "TRUE"
displayName = "Citrix AG"
guestOS = "other"
nvram = "Other.nvram"
ide1:0.autodetect = "TRUE"
ide0:0.redo = ""
serial0.tryNoRxLoss = "TRUE"
uuid.location = "56 4d 89 e7 67 e4 78 7f-b4 05 3c 4c be 1c 23 9a"
uuid.bios = "56 4d 89 e7 67 e4 78 7f-b4 05 3c 4c be 1c 23 9a"
tools.remindInstall = "TRUE"
ide1:0.startConnected = "FALSE"
serial0.startConnected = "TRUE"
checkpoint.vmState.readOnly = "FALSE"
checkpoint.vmState = ""
******************************************************
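Before booting the VM it is worth checking the hand-edited file. The script below is an added example, not part of the original thread: it reports lines that are not a plain key = "value" setting and lists which virtual adapters are bridged, since a bridged adapter puts the test appliance on your real network. The function names and the sample text are constructed for illustration.

```python
import re

# A .vmx setting is one line of the form: key = "value"
LINE_RE = re.compile(r'^([\w.:]+)\s*=\s*(?:"([^"]*)"|(\S+))\s*(.*)$')

# Constructed sample in the style of the listing above: a note typed after a
# value, unquoted values, one bridged and one host-only adapter.
SAMPLE = """\
ide0:0.fileName = "Citrix AG.vmdk" (This should be whatever you've called the VM.)
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.virtualDev = e1000
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.virtualDev = e1000
"""

def parse_vmx(text):
    """Return (settings, problems) for the text of a .vmx file."""
    settings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {n}: not a key = value setting")
            continue
        key, quoted, bare, trailing = m.groups()
        if quoted is None:
            problems.append(f"line {n}: value of {key} is not quoted")
        if trailing:
            problems.append(f"line {n}: text after value of {key}: {trailing}")
        settings[key] = quoted if quoted is not None else bare
    return settings, problems

def nic_report(settings):
    """Map each present ethernetN adapter to (connectionType, virtualDev)."""
    report = {}
    for key, value in settings.items():
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if m and value.upper() == "TRUE":
            nic = m.group(1)
            report[nic] = (settings.get(nic + ".connectionType", "unset"),
                           settings.get(nic + ".virtualDev", "unset"))
    return report

def bridged_nics(settings):
    """Adapters that sit on the real network rather than a host-only one."""
    return sorted(n for n, (conn, _) in nic_report(settings).items() if conn == "bridged")
```

Call parse_vmx() on the text of your own .vmx file, fix anything it lists under problems, then check bridged_nics() against the networking you intended.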
Now load the ISO file from mycitrix.com and bind it as a bootable CD-ROM.
Boot the VM and the CAG will be installed.
When it is finished you can reboot. At the end you get the ACE error, but the Citrix Access Gateway will work.
****************************
Additional instructions:
1. You need to create a serial port so that you can do the express setup etc.
2. In VMware, create a serial port and point it to a named pipe called \\.\pipe\vmwaredebug
3. Save the vmwaregateway
4. Run vmwaregateway /t (This will listen for a named pipe of the above name.)
5. Start the VM - you should see on the vmwaregateway command line window that it is now connected to the named pipe.
6. Use HyperTerminal (or similar) to connect to localhost:567 - this will connect you to the serial port and allow you to do the config.
7. Username is root and password is rootadmin
8. Depending upon whether you are connected to bridged or hostonly for the device, you need to enter an IP address on your real network or the VMNet1 network.
9. Once IP is configured, you should be able to ping the IP address of the laptop (real IP in bridged or VMNet1 IP in hostonly).
10. Once IP is configured and tested, you can connect through the IP in a browser. Connect to port 9001 through HTTPS eg.