Solved

Passing ICA client thru Cisco IOS firewall on a 1720

Posted on 2001-06-12
Last Modified: 2010-04-17
Is there anything special I should do when configuring my firewall? I understand these clients dynamically change ports during a session, and I'm wondering if I need to set up generic CBAC (context-based access control) inspection.

Thanks for any help
Question by:gm1119

Accepted Solution

by:
lrmoore earned 75 total points
ID: 6181341
If you do set up CBAC, then you would have to use any any and not restrict ports.
I don't think there is anything special you need to do on the router, but if you are using NAT, that may be an issue. Might want to check out CA web site regarding the restrictions on using NAT with ICA.

Expert Comment

by:geoffryn
ID: 6183522
You should be fine.  The only issue that I know of that might hit you is TCP tear down of the idle session.  If the client sits idle for too long the NAT session might be torn down ending the ICA session.  As long as the client is allowed to make connections outbound on TCP 1494, it should work.  PIX has no trouble with it.

Expert Comment

by:lrmoore
ID: 6183581
Are the clients connecting to a Citrix MetaFrame server, or to a Windows Terminal Server?
Are you using Load Balancing, or do you need to allow server browsing through the firewall? If so, you need to open UDP port 1604 also.

If you are using NAT, and the server is Citrix, you need to set up the altaddr. Here is some helpful information:


http://hqextsrvsft01.citrix.com/cgi-bin/webcgi.exe/,/?Session=1972232,U=1,ST=171,N=0005,K=19728,SXI=8,Case=obj(1078)
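
An added example, not from any of the posters in this thread: an IOS configuration for the setup the replies above describe, with generic CBAC TCP/UDP inspection, outbound ICA permitted on TCP 1494 (and UDP 1604 for browsing or load balancing), and the CBAC and NAT idle timers that decide when an idle ICA session is torn down. The rule name, ACL numbers, interface names, addresses and timer values are assumptions for illustration.

```cisco
! Constructed example: names, numbers and addresses are assumptions.
! Generic CBAC inspection; ICA needs no application-specific inspect rule.
ip inspect name ICA-FW tcp
ip inspect name ICA-FW udp
!
! Idle timers: an ICA session that sits idle longer than either value is
! dropped. CBAC TCP idle-time defaults to 3600 s, NAT tcp-timeout to 86400 s.
ip inspect tcp idle-time 7200
ip nat translation tcp-timeout 86400
!
interface FastEthernet0
 description Inside LAN (ICA clients)
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip access-group 101 in
 ip inspect ICA-FW in
!
interface Serial0
 description Outside
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group 102 in
!
! Outbound policy: ICA session traffic, plus ICA browsing if it is needed.
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 1494
access-list 101 permit udp 192.168.1.0 0.0.0.255 any eq 1604
! (permits for the site's other outbound traffic go here)
access-list 101 deny   ip any any log
!
! Inbound policy: nothing unsolicited; CBAC opens temporary entries in this
! ACL for the return traffic of inspected sessions.
access-list 102 deny   ip any any log
!
! PAT for the inside network.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Serial0 overload
```

`show ip inspect sessions` and `show ip nat translations` list the live ICA session and its translation, which is where an idle-timeout teardown would show up as a missing entry.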




Expert Comment

by:lrmoore
ID: 7803189

This question appears to be abandoned. I will allow one week before I close this question
with the following recommendation:

- points to lrmoore

If there is any objection to this recommendation, then please post it here within 7 days.

thanks,

lrmoore@nw
EE Cleanup Volunteer

Expert Comment

by:SpideyMod
ID: 7865768
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange