I have to get the going as well, but Citrix was more urgent.

I've read this article, and very good it was too, but I believe this is how to set up a Citrix server "inside" ISA such that people from "outside" can get to it. For now all I need is for a user "inside" to reach a Citrix server that is "outside". I figured I'd just need a protocol rule but must be missing something.

Chris.

-----Original Message-----
From: Joel Heideman [mailto:webmaster@xxxxxxxxxxxxxxxxx]
Sent: Friday, April 05, 2002 10:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ICA Client and ISA Server

http://www.ISAserver.org

Use the Terminal Server web client instead, it's SO much better.

Or, follow this:

How to Publish a Citrix Server Behind ISA Server (Q300177)
------------------------------------------------------------------------------

SUMMARY

This article describes how to publish a Citrix Metaframe version 1.8 server by using Internet Security and Acceleration (ISA) Server so that external ICA clients can connect and run ICA sessions.

MORE INFORMATION

The following steps describe how to configure the ISA Server and the Citrix server. The configuration on the ISA Server requires the creation of a packet filter, a protocol definition, and a server publishing rule. The Citrix server is configured by running a command-line utility.

How to Configure ISA Server

Create a New Protocol Definition That Is Named "Citrix ICA TCP"

- Start the ISA Management console, open the Policy Elements container, right-click Protocol Definitions, point to New, and then click Definition. Note that if an Enterprise policy is applied to your array, you must create the protocol definition at the Enterprise level.
- Name the protocol definition Citrix ICA TCP, and then click Next.
- Type 1494 in the Port number box. Leave the "Protocol type" setting as TCP. Change the "Direction" setting to Inbound, and then click Next.
- Leave the "Do you want to use a secondary connection." setting at No, click Next, and then click Finish.

Server Publish the Citrix Metaframe Server

- Start the ISA Management console, open the publishing container, right-click Server Publishing rules, point to New, and then click Rule.
- Name the rule that you are creating (for example, "Citrix Server"), and then click Next.
- Type the address of your internal Citrix Server under Internal server, type the appropriate address for the external interface on the ISA server under ISA Server, and then click Next.
- Click Citrix ICA TCP, and then click Next.
- Select the appropriate client set. Note that if the server is used by computers that are on the Internet, Any request is the best choice. Click Next, and then click Finish.
- Restart the Firewall service.

How to Configure the Citrix Metaframe Server

The Citrix server needs to be a SecureNAT client. That means that you do not install the firewall client on the Citrix server; instead, configure the default gateway to point to the internal interface of the ISA server and configure a DNS address on the Citrix server that can resolve Internet names.

In addition, on the Citrix server you must set an alternate address for the ICA sessions. First you must determine the correct ISA external address, and then type the altaddr /set w.x.y.z command from a command prompt on the Citrix server, where w.x.y.z is the external IP address of your ISA server. The Citrix server must be restarted after you run this command. If you only have one IP address that is bound to the external interface of the server, use that address. If you have multiple IP addresses that are bound to the external interface of the ISA server, type the one you used when you created the server publishing rule earlier.

When clients on the Internet want to connect to your Citrix server by using an ICA client, they must connect to the external IP address on the ISA server that is used in the server publishing rule.
This is also the same IP address that you specified when you ran the altaddr command.

-----Original Message-----
From: Chris Lawless [mailto:ChrisL@xxxxxxxxxxxxxxxxxx]
Sent: Friday, April 05, 2002 7:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ICA Client and ISA Server

I've just started dabbling with ISA server so please pardon any stupid questions.

For testing I have an ISA server with a dial-up connection to the net then I have a NIC and a PC on the internal side. I got HTTP going easily enough, I can deny or allow it, FTP was a little trickier... darn that view as a folder...

Now I'm looking at ICA, not too worried about servers and all that yet but I'd like to run an ICA client "inside" and allow it through. For my first try I created a protocol rule to allow everything to everywhere... no joy for my Citrix ICA client though. I then tried creating a protocol for Citrix ICA, specified the port as 1494 etc etc and created a rule to go with it, I even tried a packet filter.

It seems apparent that I'm missing something stupid, but is there a step by step for something like this out there?

Chris

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: WEBMASTER@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')