We have a third party who maintains our Cisco ASA firewall. I have been working with them for days trying to get the remote access to work for Horizon View 5.2. Using the View Client, we can connect, authenticate, choose the desktop, but then we get the black screen. Using HTML access, we can connect, authenticate, choose the desktop, but then we get this error: An error has occurred: {"code":"ETIMEDOUT","errno":"ETIMEDOUT","syscall":"connect"}.
I have followed all the docs, etc. that are published on these and everything points to the firewall configuration. Unfortunately, I do not know how to maintain the firewall and so I am at the mercy of the 3rd party vendor. They tell me it is all correct.
I am hoping there is someone out there who knows a Cisco ASA 5510 that can review these settings and let me know what they are missing or doing wrong.
We have two connection servers. One is paired with a Security server that sits on the DMZ. The other is used internally for direct PCOIP access.
Here is our current ASA configuration for these servers. I have changed the actual IPs, but here are the meanings:
Security server outside IP address 1.1.1.1
Security server DMZ address 2.2.2.2
Connection server address 3.3.3.3
View desktops 4.4.4.X
access-list outside-in extended permit tcp any host 1.1.1.1 eq https
access-list outside-in extended permit tcp any host 1.1.1.1 eq 4172
access-list outside-in extended permit udp any host 1.1.1.1 eq 4172
access-list outside-in extended permit tcp any host 1.1.1.1 eq www
access-list outside-in extended permit tcp any host 1.1.1.1 eq 8443
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 4001
access-list dmz-inside extended permit udp host 2.2.2.2 host 3.3.3.3 eq isakmp
access-list dmz-inside extended permit udp host 2.2.2.2 host 3.3.3.3 eq 4500
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 8009
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 3389
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 4927
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 4172
access-list dmz-inside extended permit udp host 2.2.2.2 host 3.3.3.3 eq 4172
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 32111
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq www
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq https
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 22443
access-list dmz-inside extended permit tcp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 3389
access-list dmz-inside extended permit tcp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 4927
access-list dmz-inside extended permit tcp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 4172
access-list dmz-inside extended permit udp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 4172
access-list dmz-inside extended permit tcp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 22443
access-list dmz-inside extended permit tcp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 32111
static (inside,DMZ) 3.3.3.3 3.3.3.3 netmask 255.255.255.255
static (DMZ,outside) 1.1.1.1 2.2.2.2 netmask 255.255.255.255 dns
In looking at this doc from VMware it does not appear that our config covers everything and there are entries from the security server to the connection server that may not be needed. But not really knowing firewalls, maybe it is correct. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1027217
Any help would be greatly appreciated.
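Added example, not part of the original post: a small Python parser that turns ACL lines of the form posted above into a per-source/destination port summary and answers "is this flow permitted?", so the rule set can be compared line by line against the VMware KB port list. It assumes only simple `permit ... eq PORT` entries (no deny rules, port ranges, object groups or NAT evaluation); the function names are hypothetical, the sample is a subset of the posted lines, and 4.4.4.10 in the usage note is a made-up desktop address.

```python
import ipaddress
import re

# ASA port keywords that appear in the posted ACLs (standard ASA name-to-port values).
PORT_NAMES = {"www": 80, "https": 443, "isakmp": 500}
# Subset of the ACL lines from the post, with its placeholder addresses.
ACL = """\
access-list outside-in extended permit tcp any host 1.1.1.1 eq https
access-list outside-in extended permit udp any host 1.1.1.1 eq 4172
access-list dmz-inside extended permit udp host 2.2.2.2 host 3.3.3.3 eq isakmp
access-list dmz-inside extended permit tcp host 2.2.2.2 host 3.3.3.3 eq 8009
access-list dmz-inside extended permit tcp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 22443
access-list dmz-inside extended permit udp host 2.2.2.2 4.4.4.0 255.255.255.0 eq 4172
"""

def _addr(tokens):
    """Consume one ASA address spec (any | host A | A MASK) and return a network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")  # address followed by netmask

def parse_acl(text):
    """Return (acl, proto, src_net, dst_net, port) tuples for simple permit/eq lines."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*access-list (\S+) extended permit (tcp|udp) (.+) eq (\S+)\s*$", line)
        if not m:
            continue  # anything else (deny, ranges, object groups) is skipped here
        name, proto, addrs, port = m.groups()
        tokens = addrs.split()
        src, dst = _addr(tokens), _addr(tokens)
        rules.append((name, proto, src, dst, int(PORT_NAMES.get(port, port))))
    return rules

def permits(rules, acl, proto, src, dst, port):
    """True if some parsed entry in the named ACL matches this exact flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(n == acl and p == proto and s in sn and d in dn and port == pt
               for n, p, sn, dn, pt in rules)

def summary(rules):
    """Group permitted proto/port pairs by (acl, source, destination) for review."""
    out = {}
    for n, p, sn, dn, pt in rules:
        out.setdefault((n, str(sn), str(dn)), set()).add(f"{p}/{pt}")
    return out
```

For example, `permits(parse_acl(ACL), "dmz-inside", "udp", "2.2.2.2", "4.4.4.10", 4172)` returns `True`, and `summary(parse_acl(ACL))` lists the ports each ACL opens per source and destination pair.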