Forum Discussion
Could you provide a little more info on your setup, as I'm having issues when not using SSL Offload.
Here's an example of the configuration, starting with the Connection Servers:
- HTTPS: Use Secure Tunnel to Machine - checked / ticked
- External URL: view.company.com:443 (resolves to F5 VIP)
- PCoIP: Use PCoIP Secure Gateway (checked / ticked)
- PCoIP External URL: 10.10.20.1 (F5 VIP)
On F5:
- Remote Desktops - Server Side SSL (checked / ticked)
- SSL Bridging Mode: Deployed via iAPP, which includes the following:
- Client SSL Profile: VDI_client_ssl
- Server SSL Profile: VDI_server_ssl
APM: As per your instructions.
When I then try to connect using the View client directly, I receive the error "Tunnel reconnection is not permitted." When trying to use the F5 webtop, I receive a message the message "Your session could not be established."
I'm sure this is something straightforward, but I'm struggling to see where. Unchecking the secure tunnel / gateway on the CSs fires things straight back into life as expected, only USB redirection doesn't work.
- martek_58308Jun 30, 2016NimbostratusHi guys, Same here - we tested and have an issue as well message we can see is "could not establish tunnel connection" Q. Does certificate on CS and F5 need to be this same ? Q2 . Shouldn't External URL: view.company.com:443 (resolves to external IP )? Regards, Marcin
- Zuke_254875Jul 15, 2016Altostratus
I thought I was subscribed to this thread but didn't receive any notifications. Sorry for that.
Alex: Regarding the connection servers, I asked my coworker about how they are set up. Each HTTPS secure tunnel points to the IP address of the connection server it's on. We do not have PCoIP secure gateway enabled, or Blast Secure Gateway. These settings seem counter-intuitive to me, but that's how ours are set up.
Marcin: Q1: The SSL certificate on your F5 does not need to be the same. Go to your Access Policy > Application Access > Remote Desktops. Select your Remote desktop and make sure Server Side SSL is checked. Q2: I assume you're talking about the HTTPS Secure Tunnel field External URL? If so, no. Ours are set up with the IP addresses of the Connection Servers. Like I said above, this doesn't fully make sense to me, but that's how ours are set up.
Hope that helps, and again, sorry for the delay in responding to this thread.