This article describes how to publish a Citrix Metaframe version 1.8 server by using Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004. You can use this process so that external Citrix Independent Computing Architecture (ICA) clients can run ICA sessions on the Citrix Metaframe server.

Back to the top

To publish a Citrix Metaframe server by using ISA Server, you must configure the following:

•	Protocol definition
•	Server publishing rule

Back to the top

Create a new protocol definition

1.	Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
2.	In the ISA Server Management console, expand ISAServer, where ISAServer is the name of your ISA Server computer.
3.	Click Firewall Policy.
4.	On the Toolbox tab, click Protocols.
5.	Under Protocols, click New, and then click Protocol.
6.	In the New Protocol Definition Wizard, type a descriptive name, and then click Next. For example, you might type Citrix ICA TCP, and then click Next.
7.	On the Primary Connection Information page, click New.
8.	In the New/Edit Protocol connection dialog box, click TCP in the Protocol typelist, change the Direction setting to Inbound, type 1494 in the From and To boxes in the Port range section, click OK, and then click Next.
9.	On the Secondary Connections page, click No under Do you want to use secondary connections, click Next, and then click Finish.
10.	Click Apply to save the changes to the firewall policy, and then click OK.

Back to the top

Create a publishing rule for the Citrix Metaframe server

1.	Click Firewall Policy.
2.	On the Tasks tab, click Create New Server Publishing Rule. Note In ISA Server 2006, click Publish Non-Web Server Protocols.
3.	In the New Server Publishing Rule Wizard, type a descriptive name for the rule. For example, type Citrix Server, and then click Next.
4.	On the Select Server page, type the IP address of the Citrix Metaframe server, and then click Next.
5.	On the Select Protocol page, click Citrix ICA TCP in the Selected Protocol list, and then click Next.
6.	On the IP Addresses page, click the External option under Listen for requests from these networks, click Next, and then click Finish.
7.	Click Apply to save the changes to the firewall policy, and then click OK.

Back to the top

Configure the Citrix Metaframe server

The Citrix Metaframe server must also be a SecureNAT client. That means that you do not install the firewall client on the Citrix Metaframe server. Instead, configure the default gateway to point to the internal interface of the ISA Server 2004 server and configure a DNS address on the Citrix Metaframe server that can resolve Internet names.

Also, on the Citrix Metaframe server you must set an alternative address for the ICA sessions. First you must determine the correct ISA Server external address, and then type altaddr /set w.x.y.z in a command window on the Citrix Metaframe server. In the previous command, w.x.y.z is the external IP address of your ISA Server computer. You must restart the Citrix Metaframe server after you run this command. If you only have one IP address that is bound to the external interface of the ISA Server computer, use that address. If you have multiple IP addresses that are bound to the external interface of the ISA Server computer type the IP Address that you specified earlier in the server publishing rule.

When clients on the Internet want to connect to your Citrix server by using an ICA client, they must connect to the external IP address on the ISA Server computer that is used in the server publishing rule. This is also the same IP address that you specified when you ran the altaddr command.

Back to the top

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

Back to the top