
How to Build a Citrix Access Gateway in a VM

If you're a Citrix shop, then it is likely that you either are or will eventually be a Citrix Access Gateway shop (at least, if your Citrix infrastructure is connected to the Internet). Citrix Access Gateway (CAG) is the hardware-based SSL VPN appliance Citrix released a few years ago as a replacement for the software-based Citrix Secure Gateway product that ran on top of a Windows O/S.

The CAG is a pretty neat piece of equipment but, unlike the software-based Secure Gateway, it comes with a cost. If you're either attempting to test out the system or learn from it to study for your CCEA certification, having a test CAG means buying another one.

Or, spoofing one in a virtual machine environment. I found an interesting thread on VMware's web site that discussed exactly how to build one...

This information comes from the thread at http://www.vmware.com/community/message.jspa?messageID=305671. Compliments to "tallmantim" who documented this procedure.

You need:
* VMware Workstation 5.5
* A VM license (they give you a 30 day trial when you download it)
* The CAG 4.2 install CD or ISO (from mycitrix)
* vmwaregateway from http://l4ka.org/tools/vmwaregateway.php
* About 2GB free disk space

Here is how it works:

1. New Virtual Machine
2. Custom
3. New-Workstation 5
4. Other - other
5. a few easy steps
6. Use host only network
7. create a new virtual disk
8. IDE (Recommended)
9. 40 gig and Allocate all disk space now
10. Finish

The vmx file should then look like this:

******************************************************
config.version = "8"
virtualHW.version = "4"
scsi0.present = "TRUE"
memsize = "512"
MemAllowAutoScaleDown = "FALSE"
ide0:0.present = "TRUE"
# The disk file name should be whatever you've called the VM.
ide0:0.fileName = "Citrix AG.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "auto detect"
ide1:0.deviceType = "cdrom-raw"
floppy0.present = "FALSE"
ethernet0.present = "TRUE"
# Or whatever networking is appropriate: host only or NAT.
ethernet0.connectionType = "bridged"
ethernet0.virtualDev = "e1000"
ethernet0.addressType = "generated"
ethernet0.generatedAddress = "00:0c:29:1c:23:9a"
ethernet0.generatedAddressOffset = "0"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.virtualDev = "e1000"
ethernet1.addressType = "generated"
ethernet1.generatedAddress = "00:0c:29:1c:23:a4"
ethernet1.generatedAddressOffset = "10"
sound.present = "TRUE"
sound.virtualDev = "es1371"
sound.fileName = "-1"
sound.autodetect = "TRUE"
displayName = "Citrix AG"
guestOS = "other"
nvram = "Other.nvram"

ide1:0.autodetect = "TRUE"

ide0:0.redo = ""

serial0.tryNoRxLoss = "TRUE"
uuid.location = "56 4d 89 e7 67 e4 78 7f-b4 05 3c 4c be 1c 23 9a"
uuid.bios = "56 4d 89 e7 67 e4 78 7f-b4 05 3c 4c be 1c 23 9a"
tools.remindInstall = "TRUE"
ide1:0.startConnected = "FALSE"

serial0.startConnected = "TRUE"

checkpoint.vmState.readOnly = "FALSE"
checkpoint.vmState = ""
******************************************************

Now load the ISO file from mycitrix.com and bind it as a bootable CD-ROM.
Boot the VM and it will be installed.
When it is finished you can reboot. At the end you get the ACE error, but the Citrix Access Gateway will work.

****************************

Additional instructions:

1. You need to create a serial port so that you can do the express setup etc.
2. In VMware, create a serial port and point it to a named pipe called \\.\pipe\vmwaredebug
3. Save the vmwaregateway
4. Run vmwaregateway /t (This will listen for a named pipe of the above name.)
5. Start the VM - you should see on the vmwaregateway command line window that it is now connected to the named pipe.
6. Use HyperTerminal (or similar) to connect to localhost:567 - this will connect you to the serial port and allow you to do the config.
7. Username is root and password is rootadmin
8. Depending upon whether you are connected to bridged or hostonly for the device, you need to enter an IP address on your real network or the VMNet1 network.
9. Once IP is configured, you should be able to ping the IP address of the laptop (real IP in bridged or VMNet1 IP in hostonly).
10. Once IP is configured and tested, you can connect through the IP in a browser. Connect to port 9001 through HTTPS eg.
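
A small checker for the .vmx layout and the serial-port step described above, added here as an example and not part of the original post or thread. It assumes the serial port is defined with VMware's `serial0.fileType` and `serial0.fileName` keys, which the post does not list; the sample file and the `parse_vmx` and `check_vmx` names are constructed for illustration, and the sample deliberately contains an unquoted value and a trailing annotation.

```python
import re

# Constructed sample, not from the post: trimmed .vmx with two hand-editing
# defects. The serial0.fileType/fileName values are assumptions for step 2.
SAMPLE_VMX = r'''config.version = "8"
ide0:0.fileName = "Citrix AG.vmdk" (This should be whatever you've called the VM.)
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet0.virtualDev = e1000
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet1.virtualDev = "e1000"
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\vmwaredebug"
'''

LINE_RE = re.compile(r'^([\w.:]+)\s*=\s*"([^"]*)"$')
EXPECTED_PIPE = r"\\.\pipe\vmwaredebug"  # pipe name from step 2 of the post

def parse_vmx(text):
    """Return (settings, malformed); malformed is a list of line numbers."""
    settings, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        match = LINE_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
        else:
            malformed.append(lineno)  # unquoted value or trailing annotation
    return settings, malformed

def check_vmx(text):
    """Return findings for the two-NIC, serial-pipe layout the post describes."""
    cfg, malformed = parse_vmx(text)
    findings = [f'line {n}: not in key = "value" form' for n in malformed]
    nics = sorted({k.split(".")[0] for k in cfg if k.startswith("ethernet")})
    for nic in nics:
        if cfg.get(f"{nic}.connectionType") == "bridged":
            findings.append(f"{nic}: bridged, appliance is exposed on the physical network")
    if cfg.get("serial0.fileType") != "pipe" or cfg.get("serial0.fileName") != EXPECTED_PIPE:
        findings.append("serial0: not a named pipe at " + EXPECTED_PIPE)
    return findings

if __name__ == "__main__":
    print("\n".join(check_vmx(SAMPLE_VMX)))
```

The bridged finding matters for a lab build because the appliance still carries the install-time root login from step 7; a host-only adapter keeps it off the real network until that is changed.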


Greg Shields' Bio:

Greg Shields is a Principal Consultant with 3t Systems in Denver, Colorado. With more than 10 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft, Citrix, and VMware technologies. Greg is a Contributing Editor for both Redmond Magazine and Microsoft Certified Professional Magazine, authoring two regular columns along with numerous feature articles, webcasts, and white papers. He is known for his abilities to relate highly technical concepts with a drive towards fulfilling business needs. Greg is also a highly sought-after instructor and speaker, teaching system and network troubleshooting curriculum for TechMentor Events, a twice-annual IT conference, and producing computer-based training curriculum for CBT Nuggets on numerous topics. Greg is a triple Microsoft Certified Systems Engineer (MCSE) with security specialization and a Certified Citrix Enterprise Administrator (CCEA).