Help and Support

Article ID: 837739 - Last Review: December 24, 2008 - Revision: 5.0

How to publish a Citrix Metaframe version 1.8 server by using Internet Security and Acceleration Server 2006, ISA Server 2004, or Forefront Threat Management Gateway Medium Business Edition or Windows Essential Business Server 2008

View products that this article applies to.

On This Page

Expand all | Collapse all

INTRODUCTION

This article describes how to publish a Citrix Metaframe version 1.8 server by using Internet Security and Acceleration (ISA) Server 2006, ISA Server 2004, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008. You can use this process so that external Citrix Independent Computing Architecture (ICA) clients can run ICA sessions on the Citrix Metaframe server.
Back to the top

MORE INFORMATION

To publish a Citrix Metaframe server by using ISA Server, you must configure the following:
  • Protocol definition
  • Server publishing rule
Back to the top

Create a new protocol definition

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  2. In the ISA Server Management console, expand ISAServer. ISAServer is the name of your ISA Server computer. Or, expand TMGServer. TMGServer is the name of your Forefront Threat Management Gateway Medium Business Edition or Windows Essential Business Server 2008.
  3. Click Firewall Policy.
  4. On the Toolbox tab, click Protocols.
  5. Under Protocols, click New, and then click Protocol.
  6. In the New Protocol Definition Wizard, type a descriptive name, and then click Next. For example, you might type Citrix ICA TCP, and then click Next.
  7. On the Primary Connection Information page, click New.
  8. In the New/Edit Protocol connection dialog box, click TCP in the Protocol type list, change the Direction setting to Inbound, type 1494 in the From and To boxes in the Port range section, click OK, and then click Next.
  9. On the Secondary Connections page, click No under Do you want to use secondary connections, click Next, and then click Finish.
  10. Click Apply to save the changes to the firewall policy, and then click OK.
Back to the top

Create a publishing rule for the Citrix Metaframe server

  1. Click Firewall Policy.
  2. On the Tasks tab, click Create New Server Publishing Rule.

    Note In ISA Server 2006, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 click Publish Non-Web Server Protocols.
  3. In the New Server Publishing Rule Wizard, type a descriptive name for the rule. For example, type Citrix Server, and then click Next.
  4. On the Select Server page, type the IP address of the Citrix Metaframe server, and then click Next.
  5. On the Select Protocol page, click Citrix ICA TCP in the Selected Protocol list, and then click Next.
  6. On the IP Addresses page, click the External option under Listen for requests from these networks, click Next, and then click Finish.
  7. Click Apply to save the changes to the firewall policy, and then click OK.
Back to the top

Configure the Citrix Metaframe server

The Citrix Metaframe server must also be a SecureNAT client. That means that you do not install the firewall client on the Citrix Metaframe server. Instead, configure the default gateway to point to the internal interface of the ISA Server 2004 server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 and configure a DNS address on the Citrix Metaframe server that can resolve Internet names.

Also, on the Citrix Metaframe server you must set an alternative address for the ICA sessions. First you must determine the correct ISA Server external address, and then type altaddr /set w.x.y.z in a command window on the Citrix Metaframe server. In the previous command, w.x.y.z is the external IP address of your ISA Server computer. You must restart the Citrix Metaframe server after you run this command. If you only have one IP address that is bound to the external interface of the ISA Server computer, use that address. If you have multiple IP addresses that are bound to the external interface of the ISA Server computer type the IP Address that you specified earlier in the server publishing rule.

When clients on the Internet want to connect to your Citrix server by using an ICA client, they must connect to the external IP address on the ISA Server computer that is used in the server publishing rule. This is also the same IP address that you specified when you ran the altaddr command.
Back to the top
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
300177  (http://support.microsoft.com/kb/300177/ ) How to publish a Citrix server behind ISA Server
Back to the top
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Windows Essential Business Server 2008 Standard
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
Back to the top
Keywords: 
kbisa2006swept kbhowto KB837739
Back to the top

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations