setup Cisco Pix 500 Series Firewall to allow ICA client pass through
I'm setting up a Cisco Pix 500 Series Firewall. On the outside I have our Web Server & Cisco 2500 Series Router conntected to the internet. On the inside is our corporate LAN. I am setting up a Server on our LAN running Citrix Metaframe 1.8. I need to configure the Firewall to allow the ICA protocol that Metaframe uses to pass through. Any examples of this would be appreciated.
Re: setup Cisco Pix 500 Series Firewall to allow ICA client pass
You would have to use the STATIC + CONDUIT commands if you know what ports you have to open up. If not follow my instructions in the thread :
Microsoft SQL and Ports for Outside Access to DMZ
Which can be applied in your case as well.
However there is the security aspect of this which I would like to warn you about. A good Firewall practice is to *NEVER* have any packets to pass directly from the outside to the inside. Your ICA server should be put into a DMZ, from where the ICA would contact the inside network to reach/run the applications which you have there
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...