Passing ICA client thru Cisco IOS firewall on a 1720

Is ther anything special I should do when configuring my firewall. I understand these clients dynamically change ports during a session, and I'm wondering if I need to setup generic CBAC (context based access control) inspection.

Thanks for any help
gm1119Asked:
Who is Participating?
 
lrmooreCommented:
If you do set up CBAC, then you would have to use any any and not restrict ports.
I don't think there is anything special you need to do on the router, but if you are using NAT, that may be an issue. Might want to check out CA web site regarding the restrictions on using NAT with ICA.
0
 
geoffrynCommented:
You should be fine.  The only issue that I know of that might hit you is TCP tear down of the idle session.  If the client sits idle for too long the NAT session might be torn down ending the ICA session.  As long as the client is allowed to make connections outbound on TCP 1494, it should work.  PIX has no trouble with it.
0
 
lrmooreCommented:
Are the clients connecting to a Citrix MetaFrame server, or to a Windows Terminal Server?
Are you using Load Balancing, or do you need to allow server browsing through the firewall? If so, you need to open UDP port 1604 also.

If you are using NAT, and the server is Citrix you need to setup the altaddr, here is some helpful information:


http://hqextsrvsft01.citrix.com/cgi-bin/webcgi.exe/,/?Session=1972232,U=1,ST=171,N=0005,K=19728,SXI=8,Case=obj(1078)



0
 
lrmooreCommented:

This question appears to be abandoned. I will allow one week before I close this question
with the following recommendation:

- points to lrmoore

if there is any objection to this recommendation then please post it here within 7 days.

thanks,

lrmoore@nw
EE Cleanup Volunteer
0
 
SpideyModCommented:
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.