RE: Access to Citrix Server

  • From: "Ziyad Essa" <ziyad.essa@xxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 14 Dec 2001 08:51:20 -0700

        

        I hope that this Microsoft article helps.

        How to Publish a Citrix Server Behind ISA Server [Q300177]

        PSS ID Number: Q300177

        Article last modified on 08-02-2001

        :2000

        
        ======================================================================

        -------------------------------------------------------------------------------

        The information in this article applies to:

        - Microsoft Internet Security and Acceleration Server 2000 

        
        -------------------------------------------------------------------------------

        SUMMARY
        =======

        This article describes how to publish a Citrix Metaframe version 1.8
        server by using Internet Security and Acceleration (ISA) Server so
        that external ICA clients can connect and run ICA sessions.

        MORE INFORMATION
        ================

        The following steps describe how to configure the ISA Server and the
        Citrix server. The configuration on the ISA Server requires the
        creation of a packet filter, a protocol definition, and a server
        publishing rule. The Citrix server is configured by running a
        command-line utility.

        How to Configure ISA Server
        ---------------------------

        Create an IP Packet Filter That Is Named "Inbound ICA TCP 1494":

        1. Start the ISA Management console, open the Access Policy
           container, right-click IP Packet Filters, point to New, and then
           click Filter.

        2. Name the rule that you are creating (for example, "Inbound ICA
           TCP 1494"), and then click Next.

        3. Click Custom, and then click Next.

        4. Click TCP in the IP protocol box, click Both in the Direction
           box, click Fixed port in the Local port box, type "1494" (without
           the quotation marks) in the Port number box, leave the All ports
           setting at Remote port, and then click Next.

        5. Click Default IP addresses, or type a specific external IP
           address. If you have just one IP address that is bound to the
           external interface of the ISA server, or if you are only
           publishing one Citrix server, leave this selection at Default IP
           address, and then click Next.

        6. Leave the selection at All remote computers, click Next, and then
           click Finish.

        Create a New Protocol Definition That Is Named "Citrix ICA TCP":

        1. Start the ISA Management console, open the Policy Elements
           container, right-click Protocol Definitions, point to New, and
           then click Definition. Note that if an Enterprise policy is
           applied to your array, you must create the protocol definition at
           the Enterprise level.

        2. Name the protocol definition "Citrix ICA TCP" (without the
           quotation marks), and then click Next.

        3. Type 1494 in the Port number box. Leave the "Protocol type"
           setting as TCP. Change the "Direction" setting to Inbound, and
           then click Next.

        4. Leave the "Do you want to use a secondary connection." setting at
           No, click Next, and then click Finish.

        Server Publish the Citrix Metaframe Server:

        1. Start the ISA Management console, open the publishing container,
           right-click Server Publishing rules, point to New, and then click
           Rule.

        2. Name the rule that you are creating (for example, "Citrix
           Server"), and then click Next.

        3. Type the address of your internal Citrix Server under Internal
           server, type the appropriate address for the external interface
           on the ISA server under ISA Server, and then click Next.

        4. Click Citrix ICA TCP, and then click Next.

        5. Select the appropriate client set. Note that if the server is
           used by computers that are on the Internet, Any request is the
           best choice.

        6. Click Next, and then click Finish.

        7. Restart the Firewall service.

        How to Configure the Citrix Metaframe Server
        --------------------------------------------

        The Citrix server needs to be a SecureNAT client. That means that
        you do not install the firewall client on the Citrix server;
        instead, configure the default gateway to point to the internal
        interface of the ISA server and configure a DNS address on the
        Citrix server that can resolve Internet names.

        In addition, on the Citrix server you must set an alternate address
        for the ICA sessions. First you must determine the correct ISA
        external address, and then type the "altaddr /set w.x.y.z" (without
        the quotation marks) command from a command prompt on the Citrix
        server, where w.x.y.z is the external IP address of your ISA server.
        The Citrix server must be restarted after you run this command.

        If you only have one IP address that is bound to the external
        interface of the server, use that address. If you have multiple IP
        addresses that are bound to the external interface of the ISA
        server, type the one you used when you created the server publishing
        rule earlier.

        When clients on the Internet want to connect to your Citrix server
        by using an ICA client, they must connect to the external IP address
        on the ISA server that is used in the server publishing rule. This
        is also the same IP address that you specified when you ran the
        "altaddr" (without the quotation marks) command.

        Additional query words:

        
======================================================================

        Keywords : kbnetwork kbtool 

        Technology : kbAudDeveloper kbISAS2000 kbISAServSearch

        Version : :2000

        Issue type : kbhowto

        
        =============================================================================

        Copyright Microsoft Corporation 2001.

-----Original Message-----
From: Jason Beckett [mailto:jbeckett@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, December 13, 2001 4:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to Citrix Server
Importance: High


http://www.ISAserver.org


OK, I went and made these changes. Now when I double-click on the ICA
client it says "Cannot connect to the Citrix server: The Citrix Server
you have selected is not accepting connections." So now how does the ISA
server know which server to pass the request to?

ISA Server is on its own server and the Citrix server is on an internal
server. How do I pass all requests for Citrix to my internal server?

Thanks 

Jason 

-----Original Message-----
From: Ziyad Essa [mailto:ziyad.essa@xxxxxxxxxxxxxx]
Sent: Thursday, December 13, 2001 2:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to Citrix Server




A predefined protocol called ICA, "Citrix Intelligent Console
Architecture protocol", on TCP port 1494.
Go to Access Policy, then Protocol Rules.
Select the protocol rule that you have defined for your site,
select the Protocol tab,
under "This rule applies to", select "Selected protocols",
from the protocols list, check the box next to ICA.
Hope that helps
 
Ziyad

-----Original Message-----
From: Jason Beckett [mailto:jbeckett@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, December 13, 2001 3:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to Citrix Server




I am really new to ISA Server, so I have made a protocol rule for TCP on
port 1494. What do you mean by check it in my protocol rules?

Thanks for your help

-----Original Message-----
From: Ziyad Essa [mailto:ziyad.essa@xxxxxxxxxxxxxx]
Sent: Thursday, December 13, 2001 2:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to Citrix Server




You already have a protocol rule created for port 1494, Citrix
Intelligent Console Architecture protocol; all you need is to check it
in your Protocol Rules.

-----Original Message-----
From: Jason Beckett [mailto:jbeckett@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, December 13, 2001 3:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Access to Citrix Server
Importance: High





I need to gain access to my Citrix server through my ISA server. What
ports do I open and how do I do this?

Thank you for any help 

Jason 
Network Administrator 
(604)687 2990 ext 1024 

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ziyad.essa@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
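
The following check is an added example, not part of the thread or of the Microsoft article: it probes the published external address on TCP 1494 once and reports which part of the Q300177 configuration to revisit. The greeting bytes and the hint attached to each result are assumptions based on commonly observed ICA listener behaviour, and the function and file names are hypothetical.

```python
import socket
import sys

ICA_PORT = 1494                    # port published in the article
ICA_GREETING = b"\x7f\x7fICA\x00"  # assumption: bytes an ICA listener sends on connect

HINTS = {  # assumed places to look, mapped to the article's steps
    "ica": "listener reachable; if sessions still fail, recheck altaddr /set",
    "refused": "no listener: check the server publishing rule, restart the Firewall service",
    "filtered": "no reply: check the IP packet filter for TCP 1494",
    "silent": "connected but no greeting: check the internal server address "
              "and the Citrix server's default gateway (SecureNAT)",
    "other": "a different service answered on this port",
}

def check_published_ica(host, port=ICA_PORT, timeout=5.0):
    """Probe host:port once and return (state, hint)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", HINTS["refused"]
    except (socket.timeout, TimeoutError):
        return "filtered", HINTS["filtered"]
    except OSError as exc:
        return "error", str(exc)
    data = b""
    with sock:
        try:
            while len(data) < len(ICA_GREETING):
                chunk = sock.recv(64)
                if not chunk:      # peer closed without sending more
                    break
                data += chunk
        except OSError:            # read timeout or reset: keep what arrived
            pass
    if data.startswith(ICA_GREETING):
        state = "ica"
    elif not data:
        state = "silent"
    else:
        state = "other"
    return state, HINTS[state]

if __name__ == "__main__":
    # Usage: python check_ica.py <external address of the ISA server>
    if len(sys.argv) != 2:
        sys.exit("usage: check_ica.py EXTERNAL_ADDRESS")
    print(*check_published_ica(sys.argv[1]), sep=": ")
```

Run it from a host outside the ISA server, against the same external address used in the server publishing rule and in the altaddr command.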

