Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Citrix and Pix525

I am looking for the best practice configuration for Firewalls with Citrix MetaFrameXP.

Any ideas, comments, suggestions , please feel free to reply back.

Thanks in advance for helping out.

1 REPLY

Re: Citrix and Pix525

Hi,

I suppose you want to configure inbound Citrix MetaFrame connections?

All you have to do is to add a static translation for the internal Citrix Server and create an access-list to allow the incoming traffic.

If the private ip address of the citrix server would be A.B.C.D, and the public address W.X.Y.Z. Then add the following lines to your config:

static (inside, outside) W.X.Y.Z A.B.C.D netmask 255.255.255.255

access-list citrix_in permit tcp any host W.X.Y.Z eq citrix-ica

access-group citrix_in in interface outside

This will allow all ica-clients on the internet to connect to the Citrix Server.

If you are using a webbrowser and Citrix NFUSE to connect to your Citrix server, you will have to add this line to allow the incoming http traffic towards the NFUSE server:

access-list citrix_in permit tcp any host ip_address_nfuse_server eq http

This should do it :-)

Kind Regards,

Tom

94
Views
0
Helpful
1
Replies
CreatePlease login to create content