citrix access gateway enterprise editiondocshare01.docshare.tips/files/24520/245203403.pdf · 2016....

Citrix Access Gateway Enterprise Edition

Access Gateway User’s Guide for the

Windows®, Macintosh, Linux, and Unix

Platforms

Release 8.0

Citrix Systems, Inc.

© CITRIX SYSTEMS, INC., 2005. ALL RIGHTS RESERVED. NO PART OF THIS DOCU-MENT MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK (SUCH AS TRANSLATION, TRANSFORMA-TION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX SYSTEMS, INC.

ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE AC-CURATE, IT IS PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IM-PLIED. USERS MUST TAKE ALL RESPONSIBILITY FOR THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS MANUAL.

CITRIX SYSTEMS, INC. OR ITS SUPPLIERS DO NOT ASSUME ANY LIABILITY THAT MAY OCCUR DUE TO THE USE OR APPLICATION OF THE PRODUCT(S) DESCRIBED IN THIS DOCUMENT. INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITH-OUT NOTICE. COMPANIES, NAMES, AND DATA USED IN EXAMPLES ARE FICTITIOUS UNLESS OTHERWISE NOTED.

The following information is for FCC compliance of Class A devices: This equipment has been test-ed and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction man-ual, may cause harmful interference to radio communications. Operation of this equipment in a res-idential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

Modifying the equipment without Citrix' written authorization may result in the equipment no longer complying with FCC requirements for Class A digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interfer-ence stops, it was probably caused by the NetScaler Request Switch™ 9000 Series equipment. If the NetScaler equipment causes interference, try to correct the interference by using one or more of the following measures:

Move the NetScaler equipment to one side or the other of your equipment.

Move the NetScaler equipment farther away from your equipment.

Plug the NetScaler equipment into an outlet on a different circuit from your equipment. (Make sure the NetScaler equipment and your equipment are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Citrix Systems, Inc., could void the FCC approval

and negate your authority to operate the product.

BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, and NetScal-er Request Switch are trademarks of Citrix Systems, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Microsoft, PowerPoint, Windows and Windows product names such as Windows NT are trademarks or registered trademarks of the Microsoft Corporation. NetScape is a registered trademark of Netscape Communications Corporation. Red Hat is a trademark of Red Hat, Inc. Sun and Sun Microsystems are registered trademarks of Sun Microsystems, Inc. Other brand and product names may be registered trademarks or trademarks of their respective holders.

Software covered by the following third party copyrights may be included with this product and will also be subject to the software license agreement: Copyright 1998 © Carnegie Mellon University. All rights reserved. Copyright © David L. Mills 1993, 1994. Copyright © 1992, 1993, 1994, 1997 Henry Spencer. Copyright © Jean-loup Gailly and Mark Adler. Copyright © 1999, 2000 by Jef Pos-kanzer. All rights reserved. Copyright © Markus Friedl, Theo de Raadt, Niels Provos, Dug Song, Aaron Campbell, Damien Miller, Kevin Steves. All rights reserved. Copyright © 1982, 1985, 1986, 1988-1991, 1993 Regents of the University of California. All rights reserved. Copyright © 1995 Tatu Ylonen, Espoo, Finland. All rights reserved. Copyright © UNIX System Laboratories, Inc. Copyright © 2001 Mark R V Murray. Copyright 1995-1998 © Eric Young. Copyright © 1995,1996,1997,1998. Lars Fenneberg. Copyright © 1992. Livingston Enterprises, Inc. Copyright © 1992, 1993, 1994, 1995. The Regents of the University of Michigan and Merit Network, Inc. Copyright © 1991-2, RSA Data Security, Inc. Created 1991. Copyright © 1998 Juniper Networks, Inc. All rights reserved. Copyright © 2001, 2002 Networks Associates Technology, Inc. All rights reserved. Copyright (c) 2002 Networks Associates Technology, Inc. Copyright 1999-2001© The Open LDAP Foundation. All Rights Reserved. Copyright © 1999 Andrzej Bialecki. All rights re-served. Copyright © 2000 The Apache Software Foundation. All rights reserved. Copyright (C) 2001-2003 Robert A. van Engelen, Genivia inc. All Rights Reserved. Copyright (c) 1997-2004 Uni-versity of Cambridge. All rights reserved. Copyright (c) 1995. David Greenman. Copyright (c) 2001 Jonathan Lemon. All rights reserved. Copyright (c) 1997, 1998, 1999. Bill Paul. All rights reserved. Copyright (c) 1994-1997 Matt Thomas. All rights reserved. Copyright © 2000 Jason L. Wright. Copyright © 2000 Theo de Raadt. Copyright © 2001 Patrik Lindergren. All rights re-served.

Part No. VPN-UG-JV-80-1206

Last Updated: December 2006

Contents

Chapter 1 - Access Gateway Overview . . . . . . . . . . . . . . . . . . . . . . 1-1

1.1 Access Gateway : Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

1.2 Access Gateway : Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Chapter 2 - Getting Started with the Access Gateway. . . . . . . . . . . 2-1

2.1 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

2.2 Starting an Access Gateway Session . . . . . . . . . . . . . . . . . . . . . . . . 2-2

2.3 Using the Access Gateway Browser Plug-in . . . . . . . . . . . . . . . . . . . 2-6

Chapter 3 - Troubleshooting the Access Gateway Browser Plug-in. 3-1

3.1 Debugging the Access Gateway Browser Plug-in. . . . . . . . . . . . . . . . 3-1

3.2 Access Gateway Session Error Codes . . . . . . . . . . . . . . . . . . . . . . . 3-1

SSL VPN User’s Guide i

Contents

ii SSL VPN User’s Guide

Chapter 1

Access Gateway Overview

The Access Gateway is a secure remote access solution that provides point-to-point communication between remote users, such as mobile employ-ees, partners, or resellers, and a private enterprise network. It does so by cre-ating a secure tunnel between a standard Web browser and the Access Gateway. This allows authorized remote users to gain access to critical busi-ness resources such as corporate intranets, shared file systems, native cli-ent-server applications, and terminal services.

This chapter provides an overview of the Access Gateway features. The follow-ing topics are described in this chapter:

• Access Gateway : Architecture• Access Gateway : Key Features

1.1 Access Gateway : ArchitectureWhen you log on to a Web site that is secured by the Access Gateway, the sap-pliance instructs the browser to download the SSL VPN browser plug-in onto your computer. The plug-in is a Java applet that creates a secure channel of communication between your browser and the appliance, thus allowing you to remotely access those resources you are authorized to use.

Before the plug-in is downloaded, you will be prompted to permit it to execute. The plug-in first initializes itself by fetching the intranet applications, it sup-ports, from the corporate network. The network administrator configures the Access Gateway with these applications. Once initialized, the plug-in listens on preconfigured ports. When it receives a request from the client, it opens a con-nection, authenticates that connection with the user's credentials, and then tunnels subsequent data packets between the client and the server on the cor-porate network across the connection. This is illustrated in the following figure.

Access Gateway Enterprise Edition User’s Guide 1-1

Figure 1-1 Access Gateway browser plug-in architecture

The following section provides a step-by-step description of the preceding dia-gram.

1. The client application looks up the Hosts file for the address of the server on the corporate network.

2. The Hosts file points to localhost. The plug-in listens for requests from the client application on preconfigured ports.

3. The client application sends a request to the plug-in.4. The plug-in forwards the request to the Access Gateway. 5. The Access Gateway forwards the request to the application server.6. The application server responds to the Access Gateway.7. The Access Gateway replies to the plug-in.8. The plug-in replies to the client application.

1.2 Access Gateway : Key FeaturesThe Access Gateway supports:

• SSL 3.0 and TLS1.0 network protocols• 1024-bit encryption• Most TCP-based applications• Windows®, Linux, and Macintosh OS X

1-2 Access Gateway Enterprise Edition User’s Guide

Chapter 2

Getting Started with the Access Gateway

The preceding chapter covered the architectural details of the Access Gateway browser plug-in. In this chapter, you learn how to use the plug-in. This chapter begins with a brief introduction to the system requirements for the plug-in. This is followed by detailed instructions on downloading and running the plug-in. The final section covers the various controls of the user interface. The following topics are described in this chapter:

• System Requirements• Starting an Access Gateway Session• Using the Access Gateway Browser Plug-in

2.1 System RequirementsThe minimum system requirements are:

Windows Platform

• Web browsers: Internet Explorer 5.0+, Netscape 7.1, Mozilla Firefox 1.2+

• Java Plug-in: JRE1.4.2 or greater

Macintosh (MacOSX)

• Web browsers: Safari v1.2(v125)• Java Plug-in: JRE1.4.2

Linux Platform

• Web browsers: Mozilla Firefox 1.2.1+• Java Plug-in: JRE1.3.1 or greater

Note You can download the Java Runtime Environment (JRE) from Sun Microsystem’s Java Web site if needed. Browse to http://www.java.com/ to find the JRE for your operating system.


2.2 Starting an Access Gateway SessionAs mentioned earlier, the Access Gateway is designed to provide remote users access to authorized resources on a private network, over a secure connection. To establish a secure connection, you must first log on to the Access Gateway Web site. Contact your system administrator for the Web address of the site and the logon credentials. The typical format for a Web address is:

https://companyname.com

To log on to your company’s Access Gateway Web site

1. Open a Web browser and enter the Web address of the Access Gateway Web site. If your administrator has not configured a proper secure certifi-cate that identifies the server, the operating system prompts you with a Security Alert window asking your permission to access the Access Gate-way logon window.

Figure 2-1 Security Alert window

The security alert indicates that there might be discrepancies in the certificate. For example:


• the certificate has expired• The domain name in the certificate does not match the domain name of the

server• The certificate is not trusted

Click the Cancel button and contact the system administrator.

2. The Access Gateway logon page is displayed.

Figure 2-2 Access Gateway logon page

3. Enter your logon name and password. 4. Click logon. When you log on to the Access Gateway for the first time, a

security warning is displayed as shown in the following figure. This warning prompts you to download the Access Gateway browser plug-in.


Figure 2-3 Security warning

Note The appearance of these dialog boxes may differ across platforms and browsers.

5. Click Trust. The Proxy Configuration alert is displayed.


Figure 2-4 Proxy Configuration alert

Note This alert will not be displayed when you use Internet Explorer on Windows® and Safari on Macintosh OS X. For details on configuring the proxy settings of your Web browser, refer to the section 2.3.2 of this chapter.

6. Click Run. The Secure Remote Access Session window and the services page are loaded as shown.


Figure 2-5 Secure Remote Access Session window and services page

Note The Secure Remote Access Session window may take a few seconds to appear.

If your computer is using Netscape Navigator and is unable to fully start the smaller secure remote session window shown in the figure above, Netscape Navigator might not be installed with Sun Java 2 support. You may need to run the Netscape Navigator installation application again, ensuring that Sun Java 2 support is selected.

Note Update the proxy settings of the your Web browser to the values displayed on the Proxy Configuration alert or the Secure Remote Access Session window. This enables you to access Web-based applications.

2.3 Using the Access Gateway Browser Plug-inThe Secure Remote Access Session window is the graphical user interface to the browser plug-in. It allows you to securely access intranet portals, corpo-rate applications, file systems, or email on a private network. Closing the Access Gateway Session window ends the session. As a result, you are discon-nected from the private network.


Figure 2-6 Secure Remote Access Session window

The components of the Secure Remote Access Session window are described as follows:

• Proxy: The IP address and port number of the Web browser’s proxy that enables Web access.

• Bytes sent: The quantity of data sent through the plug-in from the client to the server.

• Bytes received: The quantity of data received through the plug-in from the server to the client.

• Home: Displays the portal page.• Applications: Click this button to view the list of intranet applications con-

figured on the system.• Compression Stats: Displays the compression statistics.• File Transfer: Click this button to download or upload files, from the net-

work, using the Web-based interface.• Logout: Click this button to log off from the Access Gateway session. The

message displayed in the Secure Remote Access Session window indicates that the Access Gateway session terminates if you close the window. To gracefully terminate the session, click Logout. Otherwise, changes to the Hosts file on the client computer and the proxy settings are not rolled back.

The following sections cover the various tasks that you can perform with the plug-in.

2.3.1 Accessing Applications on the Corporate Network

As a remote user, you are authorized to access and use a limited set ofapplica-tions on your company’s network. The administrator configures these applica-tions on servers in the corporate network. To view these applications, click the


Applications button on the Secure Remote Access Session window. The Intra-net Applications window, listing all the applications, is displayed.

Figure 2-7 Intranet Applications window

During an Access Gateway session, you access these applications using the plug-in. There are two methods for doing so. The methods are:

• Hosts File Modification Method• SourceIP and SourcePort Method

These methods are explained in the following sections.

2.3.1.1 Hosts File Modification Method

In this method, the plug-in adds an entry, corresponding to the applications configured by the administrator, in the Hosts file. Note however that you must be logged on with root or administrative privileges in order for the plug-in to be able to modify this file. If you are not logged on to the system with the ade-quate privileges, you need to manually edit the file yourself, adding the appro-priate entries to the Hosts file as discussed in the following section.

Consider a scenario where you need to open a Telnet session to a remote sys-tem from your computer. You use the computer to work both within your com-pany’s intranet and remotely.

To ensure connectivity to the remote system from both within and outside your company’s intranet

1. Add an entry 10.100.101.77 telnet1 in the Hosts file on your computer. This entry consists of the IP address of the remote system and it’s host name.


Note On a computer that hosts the Windows® platform, the Hosts file is located at %SYSTEMROOT%\system32\drivers\etc. On a computer that hosts the Macintosh and Linux operating systems, this file is located at /etc/hosts.

To access the remote system from within your company’s intranet

1. Initiate a Telnet session.2. Type Open telnet1. The logon prompt of the remote system is displayed.

To access the remote system outside your company’s intranet

1. Log on to the Access Gateway Web site.2. Initiate a Telnet session.3. Type Open telnet1. The logon prompt of the remote system is displayed.

2.3.1.2 SourceIP and SourcePort Method

If you do not have administrative rights on your computer, the plug-in does not update the Hosts file. You need to manually configure the applications using the source IP address and port values indicated on the Intranet Applications window. Within your company's intranet, use the destination IP address and destination port values corresponding to the application to be accessed. When using the Access Gateway to access an application, use the source IP address and port values. Consider the example in the previous section.

To access the remote system from within your company’s intranet

1. Initiate a Telnet session.2. Type Open 100.100.101.77. The logon prompt of the remote system is

displayed.

Note 10.100.101.77 is the DestIP value corresponding to telnet1.

To access the remote system

1. Log on to the Access Gateway Web site.2. Initiate a Telnet session.3. Type Open 127.0.0.1. The logon prompt of the remote system is dis-

played.

Note 127.0.0.1 is the SourceIP value corresponding to telnet1.

2.3.2 Using Web-based Applications

The Access Gateway uses the Forward Proxy model to access intranet portals. All Web-based traffic is tunneled through the plug-in. When Internet Explorer is used to access the Access Gateway logon page, the plug-in changes the proxy settings to reflect the proxy server indicated on the Secure Remote


Access Session window. These changes are rolled back when the user logs off. This behavior is restricted to Internet Explorer on Windows. Other browsers need to be configured manually.

2.3.2.1 Using the Access Gateway with Netscape and Firefox

You need to manually configure the proxy server settings of Netscape and Fire-fox. The following procedure lists the steps to do so.

To configure the proxy settings on Netscape and Firefox

1. On the Edit menu, select Preferences. The Preferences window is dis-played.

Figure 2-8 Preferences window

2. Under Category, expand the Advanced optionand select Proxies. The Proxies pane is displayed.


Figure 2-9 Proxies pane

3. Select Manual proxy configuration.4. In HTTP Proxy and SSL Proxy, type the IP and port address. These IP

addresses are displayed in the Secure Remote Access Session Window.5. Click OK to save the changes.

2.3.2.2 Using the Access Gateway on Safari

When accessing the Access Gateway from the Macintosh OS X Safari Web browser, the appropriate proxy settings are automatically configured for the session by the plug-in. No proxy configuration is necessary by the user.

2.3.3 Accessing a Remote File System

To access the remote file system, click File Transfer in the Secure Remote Access Session window. The SSL VPN: Remote Secure File System Access page is displayed. This page allows you to log on to the corporate network and access shared resources. The following figure illustrates the various compo-nents of this page.


Figure 2-10 File Transfer page

The following sections cover the various components of the SSL VPN: Remote Secure File System Access page.

Top Panel

The top panel of the browser window displays a number of buttons that will allow you to perform various tasks, pertaining to the storage and transfer of files.

Click this button to log on to the corporate network or a specific com-puter on that network.

Click this button to navigate to the preceding folder in the folder tree.

Click this button to refresh the contents of the active folder.

Click this button to create a subfolder within the folder that is selected.

Click this button to download the selected file from the remote server.


Click this button to upload the selected file from the local client com-puter to a folder in the remote file server.

Click this button to delete the selected file from the remote machine.

Click this button to change the name of a file or folder, which is selected.

Click this button to disconnect from the remote server.

Left Panel

The servers, their directories, and the directory structure are displayed in a tree format in the left panel as shown in the following figure. Click the + icon to view a subfolder.

Figure 2-11 Left panel

Right Panel

The right panel displays the logon server window. Use this window to log on to the file system on the corporate network or an appropriate file server. To access the file system, leave the Login Server field blank or click the Net-work Neighborhood link in the left panel.


To log on to a file server

1. Enter the IP address or the name of the server in the Address field.

Note If you leave this field blank, you are logged on to the corporate network and not any specific server.

2. Enter your logon ID in the Login field. 3. Enter your password in the Password field. If the remote server does not

require a password, leave this field blank.4. Enter a valid domain name. If the remote server has not been assigned a

specific domain, leave the field blank.

The right panel now displays the subfolders and files as shown in the following figure. The location of the active folder is displayed in the Address field.

Note Authorization policies, configured by the administrator, are not applied to this operation since it bypasses the gateway. As a result, on a Windows computer, it is advised that you access shared resources using Windows Explorer instead of the File Transfer window.

Figure 2-12 Right panel

To download a file from a remote server

1. Select the file. 2. Click the Download icon. The File Download window is displayed.


3. Click Save. The Save As dialog box is displayed.4. Navigate to the appropriate folder, and click Save to save the file.

To upload a file to the remote server

1. Select the file on the local machine.

2. Click to upload the file to the remote server.

To remove a folder, subfolder, or file

1. Select the file, folder, or subfolder. 2. Click the Delete icon. The file is deleted from the remote machine.

Note A parent folder that contains subfolders cannot be removed. To delete a parent folder with sub folders, you need to delete the subfolders first and then delete the parent folder.

2.3.4 Accessing Internal Web Sites

The default portal page is created based on the data configured by the admin-istrator. The portal page is shown in the following figure. This page lists the most commonly accessed intranet Web sites and file systems. The administra-tor configures the links visible under the Configured sections on this page. You can create your own bookmarks to appear under the Personal bookmark sections. This chapter covers the various configuration tasks that you can per-form on the portal page.

Note Your administrator may have customized the portal page. The appearance of the page might vary from what is shown in this guide.


Figure 2-13 Portal page

2.3.5 Using Portal Tools

The portal page has several built-in tools to assist you in using the Access Gateway. These tools include a ping interface for checking the accessibility of network hosts, tips, online help, the Access Gateway file transfer utility, and the Access Gateway themes utility.

These tools have been placed under the home, file transfer, and themes tabs on the Access Gateway portal page.

2.3.6 Home

The tools under this tab help you navigate your way through the Access Gate-way. This page can be customized by the administrator by providing themes that users can apply for themselves. The individual tools are described below.

Ping Pane

The ping pane allows you to check the accessibility of other computers on your


corporate network and on the Internet. This feature can help you troubleshoot connectivity issues if any, with your Access Gateway session in addition to determining availability of a server hosting a resource on the network.

In Server, type the IP address, host name, or domain name of the computer you wish to ping and click Ping. The result of the ping query is displayed on this pane.

Figure 2-14 Ping pane

Tip and Help Pane

The Tip pane offers helpful hints on using the Access Gateway and its various features. The Help tool is used to access the Access Gateway Enterprise Edi-tion User’s Guide. The User’s Guide includes not only instructions on using the Access Gateway but also lists error code explanations and provides other trou-bleshooting assistance.

Bookmarks Pane

The Access Gateway portal allows you to create your own set of links to com-monly accessed resources. These bookmarks may be links to either corporate network or Internet Web sites or network accessible file systems in the corpo-rate network.

To create these bookmarks, click Add on the right side of the page. The follow-ing figure shows the New Bookmark page.

In Name field, type the label to be used for your new link. In Address Field type either the Web address of the Web site or the network path to the file server. In the Description field, type a short description for the created link. Once done, click Add to apply the new link or Cancel to exit the window with-out making any changes.


Figure 2-15 Add Bookmark Page

The bookmark added here is listed under the personal bookmarks on the Access Gateway home page.

Note The Access Gateway automatically differentiates between Web site addresses and network file system paths based on the format in which they are entered. You do not need to specify which type of resource your link is for when you create it.

Remove a bookmark

To remove a personal bookmark, click Remove on the right side of the page. The Remove Bookmark page is displayed as shown in the figure. Select the bookmark you want to remove and click Remove to confirm removal or click Cancel to exit the window without making any changes.


Figure 2-16 Remove bookmark page

Note You can remove only bookmarks listed under the Personal column and not those under the Configured column.

2.3.6.1 File transfer

For details, refer to the Accessing a Remote File System section.

2.3.6.2 Themes

You can select themes that have been made available by the administrator for use with your Access Gateway session. The theme selected is applied across all pages on the Access Gateway portal page.

If themes are not configured by the administrator, on the Themes tab of the portal page, an error message is displayed as shown in the figure below:


Figure 2-17 No themes configured

Selecting a theme for the Access Gateway session

On the Themes tab in the Access Gateway portal page, you can see the con-figured themes made available by the administrator. Click Select next to the theme name for the theme to be applied for your current session and all future sessions.

Customizing your theme

You can click Customize next to the theme name and change individual parameters used in the theme. The changes made are stored in a theme called Current Custom Theme and applied to the current theme.


Figure 2-18 Customize your theme

Select the colors you want for each item on the Access Gateway portal page, the font style and size and then click Save Preferences. The customized theme replaces the old theme on the portal page.

Note You can restore the default theme for the portal page by clicking Reset to site defaults on the Themes tab.

2.3.7 Terminating the Access Gateway Session

To log off from the Access Gateway session, click Logout.

Note If you close the Secure Remote Access Session window the changes to the Hosts file on the client computer and the proxy settings are not rolled back.


Chapter 3

Troubleshooting the Access Gateway Browser Plug-in

This chapter covers the troubleshooting of the Access Gateway browser plug-in. The following topics are described in this chapter:

• Debugging the Access Gateway Browser Plug-in• Access Gateway Session Error Codes

3.1 Debugging the Access Gateway Browser Plug-in

By default, the plug-in maintains a log of all of its activities in a separate ASCII file. This ASCII file, also known as a log file, is stored in the file system by the name mpSSLVpn.

On a Windows computer, this file is stored in the root directory. For example, if the operating system resides on a partition labeled C of the hard disc, the log file is generated in the %tmp% folder. On Macintosh OS X and Linux, the log file is generated in the /tmp directory.

3.2 Access Gateway Session Error CodesThe following table lists the error codes displayed by the Access Gateway ses-sion. It also provides a description of these error codes.

SSL VPN User’s Guide 3-1

Troubleshooting the Access Gateway Browser Plug-in

Table 3-1 Specific error codes displayed by the Access Gateway session

Message Explanation Action

Hosts file update failed.

This message indicates that the plug-in is unable to update the Hosts file on the client computer.

Log on to the computer as an administrator. This ensures that the Hosts file is updated. Alternately, follow the procedure outlined in the section “SourceIP and SourcePort Method” in chapter 2 of this guide.

3-2 SSL VPN User’s Guide

citrix access gateway enterprise editiondocshare01.docshare.tips/files/24520/245203403.pdf · 2016....

Documents