Accessing Citrix Metaframe from behind ISA 2004 (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Access Policies



Message


asmurphy -> Accessing Citrix Metaframe from behind ISA 2004 (20.Aug.2004 2:58:00 AM)

Hi there,

I have a problem where I'm behind ISA Server 2004 and I'm trying to access a Citrix Metaframe XP server on another network. I can log into Nfuse ok but when I try to connect to Remote Console to a server I get the following error when the ICA client starts up. "The socket is not already bound to an address."

Looking at the firewall logs I'm seeing a lot of denied requests for SSL-Tunnel. They look like this.

Destination Port : 443
Protocol : SSL-tunnel
Action : Denied Connection
Http Method : Connect

I have HTTPS allowed from the Internal network to the External Network and the Local Host. Does anyone know where else I can look to fix this, it doesn't seem to matter what I put in the firewall config! I've also tried with and without the ISA Firewall Client and it doesn't work either.

Thanks




ctc_IT -> RE: Accessing Citrix Metaframe from behind ISA 2004 (24.Feb.2005 10:51:00 AM)

I'm having this exact problem as well. Can anybody PLEASE help ???




MorfiusX -> RE: Accessing Citrix Metaframe from behind ISA 2004 (24.Feb.2005 8:00:00 PM)

From what I've read, the Citrix client (if that's what you are using) tries to create a ssl tunnel on a non-standard port. ISA by default only allows ssl tunnels on a certiain port. You have to enable ISA to allow tunneling on the alternate port.

Link:
http://www.isaserver.org/articles/2004tunnelportrange.html




ctc_IT -> RE: Accessing Citrix Metaframe from behind ISA 2004 (25.Feb.2005 5:07:00 PM)

I'm assured it runs over a normal port 443. ICA/SSL is the protocol used - this protocol encapsulates ICA in SOCKS, further wrapped in SSL. Any further ideas ?




Page: [1]