RE: ICA Client and ISA Server

  • From: Chris Lawless <ChrisL@xxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 6 Apr 2002 10:42:36 -0500

I have to get the going as well, but Citrix was more urgent. I've read this
article, and very good it was too, but I believe this is how to set up a
Citrix server "inside" ISA such that people from "outside" can get to it.
For now all I need is for a user "inside" to reach a Citrix server that is
"outside". I gifured I'd just need a protocol rule but must be missing
something.

Chris.

-----Original Message-----
From: Joel Heideman [mailto:webmaster@xxxxxxxxxxxxxxxxx]
Sent: Friday, April 05, 2002 10:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ICA Client and ISA Server


http://www.ISAserver.org



Use the Terminal Server web client instead, its SO much better.

Or, follow this:

How to Publish a Citrix Server Behind ISA Server (Q300177)

----------------------------------------------------------------------------
--

SUMMARY
This article describes how to publish a Citrix Metaframe version 1.8 server
by using Internet Security and Acceleration (ISA) Server so that external
ICA clients can connect and run ICA sessions. 

MORE INFORMATION
The following steps describe how to configure the ISA Server and the Citrix
server. The configuration on the ISA Server requires the creation of a
packet filter, a protocol definition, and a server publishing rule. The
Citrix server is configured by running a command-line utility. 

How to Configure ISA Server 
Create a New Protocol Definition That Is Named "Citrix ICA TCP" 
Start the ISA Management console, open the Policy Elements container,
right-click Protocol Definitions , point to New , and then click Definition
. Note that if an Enterprise policy is applied to your array, you must
create the protocol definition at the Enterprise level. 


Name the protocol definition Citrix ICA TCP , and then click Next . 


Type 1494 in the Port number box. Leave the "Protocol type" setting as TCP .
Change the "Direction" setting to Inbound , and then click Next . 


Leave the "Do you want to use a secondary connection." setting at No , click
Next , and then click Finish . 


Server Publish the Citrix Metaframe Server 
Start the ISA Management console, open the publishing container, right-click
Server Publishing rules , point to New , and then click Rule . 


Name the rule that you are creating (for example, "Citrix Server"), and then
click Next . 


Type the address of your internal Citrix Server under Internal server , type
the appropriate address for the external interface on the ISA server under
ISA Server , and then click Next . 


Click Citrix ICA TCP , and then click Next . 


Select the appropriate client set. Note that if the server is used by
computers that are on the Internet, Any request is the best choice. 


Click Next , and then click Finish . 


Restart the Firewall service. 


How to Configure the Citrix Metaframe Server 
The Citrix server needs to be a SecureNAT client. That means that you do not
install the firewall client on the Citrix server; instead, configure the
default gateway to point to the internal interface of the ISA server and
configure a DNS address on the Citrix server that can resolve Internet
names. 

In addition, on the Citrix server you must set an alternate address for the
ICA sessions. First you must determine the correct ISA external address, and
then type the altaddr /set w.x.y.z command from a command prompt on the
Citrix server, where w.x.y.z is the external IP address of your ISA server.
The Citrix server must be restarted after you run this command. If you only
have one IP address that is bound to the external interface of the server,
use that address. If you have multiple IP addresses that are bound to the
external interface of the ISA server, type the one you used when you created
the server publishing rule earlier. 

When clients on the Internet want to connect to your Citrix server by using
an ICA client, they must connect to the external IP address on the ISA
server that is used in the server publishing rule. This is also the same IP
address that you specified when you ran the altaddr command. 

-----Original Message-----
From: Chris Lawless [mailto:ChrisL@xxxxxxxxxxxxxxxxxx] 
Sent: Friday, April 05, 2002 7:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ICA Client and ISA Server


http://www.ISAserver.org


I've just started dabbling with ISA server so please pardon any stupid
questions. For testing I have an ISA server with a dial-up connection to the
net then I have a NIC and a PC on the internal side. I got HTTP going easily
enough, I can deny or allow it, FTP was a little trickier... darn that view
as a folder...

Now I'm looking at ICA, not too worried abour servers and all that yet but
I'd like to run an ICA client "inside" and allow it through. For my first
try I created a protocol rule to allow everythign to everywhere... no joy
for my Citrix ICA client though.

I then tried creating a protocol for Citrix ICA, specified the port as 1494
etc etc and created a rule to go with it, I even tried a packet filter.

It seems apparent that I'm missing something stupid, but is there a step by
step for something like this out there?

Chris

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
WEBMASTER@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
chrisl@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


Other related posts: