Hi,
I suppose you want to configure inbound Citrix MetaFrame connections?
All you have to do is to add a static translation for the internal Citrix Server and create an access-list to allow the incoming traffic.
If the private ip address of the citrix server would be A.B.C.D, and the public address W.X.Y.Z. Then add the following lines to your config:
static (inside, outside) W.X.Y.Z A.B.C.D netmask 255.255.255.255
access-list citrix_in permit tcp any host W.X.Y.Z eq citrix-ica
access-group citrix_in in interface outside
This will allow all ica-clients on the internet to connect to the Citrix Server.
If you are using a webbrowser and Citrix NFUSE to connect to your Citrix server, you will have to add this line to allow the incoming http traffic towards the NFUSE server:
access-list citrix_in permit tcp any host ip_address_nfuse_server eq http
This should do it :-)
Kind Regards,
Tom