Installing and Configuring a Basic Extranet Server

RoyATokeshi
January 27, 2004 5:01 pm

Citrix states in their article: CTX119948

CTX119948 - Installing and Configuring a Basic Extranet Server

This document was published at: http://support.citrix.com/kb/entry.jspa?externalID=CTX119948

Document ID: CTX119948, Created on: Dec 28, 2000, Updated: Apr 23, 2003

Products: Citrix Extranet 2.0

Follow the steps below:
< p>1. Install Windows NT Server 4.0 with either SP5 or SP6a.

2. Install and configure two NICs on the server, one with an internal IP address and one with an external IP address. If you have a firewall, set up the Extranet server in parallel with the firewall.

3. Enable IP forwarding on the Windows NT Server.

4. Install Extranet on the Windows NT Server with the IPSec option. Do not install the entrust/netrust components.

5. Register the Extranet license on the Windows NT Server.

6. In the Extranet Admin tool, select the Configuration tab and click the System Definition button. Make sure that the entry for Server name/IP is the external IP address of the Windows NT Server. If it is a hostname, make sure that your DNS server resolves the hostname to the external IP address of your Windows NT Server.

7. Set up IPSec from the IPSEC button under the Configuration tab.

• In the IPSEC Server External Interface, add the external IP address of the Windows NT Server.

• Select the NAT Enabled check box to turn IPSec on.

• In the NAT Network text field, add the NAT network range in the form IP_Address_range:subnet_mask. Make sure the NAT range you add is a range of internal IP addresses not in use on your LAN.

• In the Adapter Security Levels box, set the internal NIC to ON and change the external NIC to Strict. This forces the Extranet server to allow only encrypted TCP packets to enter the server from the Internet.

8. Set up your IPSec access rules in the IPSEC Access tab.

• Click the Add button to enter a new IPSec access permission.

• In the Owner box, check the Group radio button and enter the Group name "all" in the Owner ID field. This creates the access permission for all users.

• In the Type box, check the Path permission radio button.

• For Destination host, add the IP range of your LAN; i.e., 192.168.1.0.

• For Destination mask, add the subnet mask of your LAN.

• For Protocol, select All.

• For Priority, select Highest.

• For Channel, select Encrypted.

• Leave the Port field alone (it should be grayed out).

9. Install the Extranet client and OLR the user. Make sure the Setup.ini file is set to install the SHIM and IPSEC (it has the SHIM listed by default).

10. Enable the user in the Users tab of the Extranet Admin tool.



Primary links

Custom Search

User login

Who's new

  • Cachleferah
  • Weedbacuupe
  • vororourn
  • vDonellaCandrah
  • SnnaSusi

Who's online

There are currently 0 users and 5 guests online.

KrissysCorner.com RuthSwensonLaw.com CreativeLizardProductions.com

DISCLAIMER:

None of this has anything to do with us, someone else is responsible for the entire thing, and we have no idea who or why. We do not know anything about it. It may be alien life forms for all we know: we haven't a clue. You cannot blame us for anything that may result from your visit. That was entirely your own personal choice, made by you of your own volition, and without our knowledge. We do not, after all, have any control over you and cannot by any stretch of the imagination be expected to accept or acknowledge, be it legally or morally, any accountability for decisions made by you on an independent basis, utilizing your own free will, and without our intervention. We are therefore in no way, shape, or form answerable to anyone for any consequences arising from the aforementioned or indeed any other actions, similar or otherwise, because it was not us that did, or did not do anything. It is not even remotely our fault, and we are in no way prepared or willing to accept any liability, not even slightly, ever. We are, in fact completely and utterly blameless, in that it is definitely not our concern, and no blame can possibly be laid at our doorstep, even if we had one, the possession of which we hereby reserve as being entirely our own free choice. The onus is not on us at all, and furthermore, never has been. The entire matter is wholly beyond our control, and completely out of our hands, each of which are washed scrupulously clean of the whole business. We are not accountable for anything at all, and we hereby categorically deny all responsibility for all that has ever, or will ever happen. Our innocence is therefore wholly beyond doubt and absolutely unimpeachable, and so cannot, under even the remotest or unlikeliest circumstances, be brought into question. By clicking either on a link on this site, clicking on a link that leads to this site, or by arriving at this site by natural or supernatural means, you are in effect accepting responsibility for the fact that it is all entirely your own fault, down to the most miniscule detail, and that you are wholly accountable for whatever outcome may arise as a consequence of the aforementioned action or actions insofar as they were undertaken personally by you on an entirely voluntary basis and without any persuasion, coercion or influence from any party or parties other than yourself. Don't come sniveling to us, we are only figments of your imagination. I also agree that if I am ever with a contributor to this website during mealtimes I agree to pay for any super-sizing of their meal, or at least a nice dessert or one of those foo-foo drinks with an umbrella or a monkey. By admitting to have seen the worthless spineless drivel on this website (also known as content)

I Agree Wholeheartedly and Without Reservation to the above. (Except maybe for that part about the monkey.)

All Your Base Are Belong To Us.

Soylent Green Is People!

Never make a bet with a Sicilian when Death is on the Line!

No. Really, I do agree.