Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

setup Cisco Pix 500 Series Firewall to allow ICA client pass through

I'm setting up a Cisco Pix 500 Series Firewall. On the outside I have our Web Server & Cisco 2500 Series Router conntected to the internet. On the inside is our corporate LAN. I am setting up a Server on our LAN running Citrix Metaframe 1.8. I need to configure the Firewall to allow the ICA protocol that Metaframe uses to pass through. Any examples of this would be appreciated.

New Member

Re: setup Cisco Pix 500 Series Firewall to allow ICA client pass

You would have to use the STATIC + CONDUIT commands if you know what ports you have to open up. If not follow my instructions in the thread :

Microsoft SQL and Ports for Outside Access to DMZ

Which can be applied in your case as well.

However there is the security aspect of this which I would like to warn you about. A good Firewall practice is to *NEVER* have any packets to pass directly from the outside to the inside. Your ICA server should be put into a DMZ, from where the ICA would contact the inside network to reach/run the applications which you have there

Best regards