Good morning guys!
We have this problem at work; we connect to a Citrix Metaframe Presentation Server which servers the Terminal Services application.
When we click on it, it opens a .ICA file and trys to establish a connection to the remote server.
With ISA server in the middle, it fails. If I connect directly to the Internet, everything works OK and I can connect to the remote computer.
Checking ISA's Log, the problem is that it initiates a connection on port 2598 without any registered problems.
Then, the connection is denied on port 1494. The rule associated is one called "Full access to external", which provides unfiltered access to the Internet. I'm trying from a machine which has a user logged in with such privilege. This rule is the last one before the "deny all" final rule.
Why it is mentioning an allow traffic rule as the cause of the denial is a mystery to me...
What I see in the log also is that the Citrix connection launcher seems to try to go through ISA without a domain user name. May that be the problem? I tried adding user "Guest" to the rule "Full access to external", to no avail.
I tried quite a few ideas already... found a document at Citrix's support site recommending to run a VBS to allow unfiltered tunneled connections on additional ports. I configured port 2598 as a defined port, in order for it to not be filtered as unknown IP traffic, which helped get past that error... but not I'm stuck.
What do you think?
We have this problem at work; we connect to a Citrix Metaframe Presentation Server which servers the Terminal Services application.
When we click on it, it opens a .ICA file and trys to establish a connection to the remote server.
With ISA server in the middle, it fails. If I connect directly to the Internet, everything works OK and I can connect to the remote computer.
Checking ISA's Log, the problem is that it initiates a connection on port 2598 without any registered problems.
Then, the connection is denied on port 1494. The rule associated is one called "Full access to external", which provides unfiltered access to the Internet. I'm trying from a machine which has a user logged in with such privilege. This rule is the last one before the "deny all" final rule.
Why it is mentioning an allow traffic rule as the cause of the denial is a mystery to me...
What I see in the log also is that the Citrix connection launcher seems to try to go through ISA without a domain user name. May that be the problem? I tried adding user "Guest" to the rule "Full access to external", to no avail.
I tried quite a few ideas already... found a document at Citrix's support site recommending to run a VBS to allow unfiltered tunneled connections on additional ports. I configured port 2598 as a defined port, in order for it to not be filtered as unknown IP traffic, which helped get past that error... but not I'm stuck.
What do you think?
