If you have not permitted port 80 with NFuse (which I would not do, I would use SSL), then why do you not have 1604 UDP open? I know, they say it does not need it....but that's what they saaayyy. Are you 100% sure that on the client you have gone under the options for firewall and set it to use the alternate address? Did you use the alt addr command on the server to set its alternate address?
Steve

-----Original Message-----
From: George Lutch [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 06, 2001 10:59 AM
To: [EMAIL PROTECTED]
Subject: Citrix Thru PIX

I am trying to statically nat a Citrix MetaFrame XP server thru a PIX 506 firewall. I can ping the natted address on the outside but cannot access the Citrix server with the ICA client or the Terminal Services client. I have the following access rules set up on the PIX.

access-list acl_out permit tcp any host 12.x.x.98 eq smtp
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host 12.x.x.101 eq www
access-list acl-out permit tcp any host 12.x.x.102
access-list acl-out permit udp any host 12.x.x.102
access-list acl-out permit tcp any host 12.x.x.102 eq www
access-list acl-out permit tcp any host 12.x.x.102 eq 1494
access-list acl-out permit udp any host 12..x.102 eq 1494

I did a log on the PIX and received the following entry.

106023: Deny tcp src outside:206.x.x.247/3237 dst inside:12.x.x.102/1494 by access-group "acl_out"

The PIX firmware rev is 5.2(5)

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
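Added example, not part of the original thread: a Python sketch that groups the posted access-list lines by list name and evaluates the logged packet against each list, showing that the entries for 12.x.x.102 sit under "acl-out" while the deny log names "acl_out". The function names are illustrative, and the parser assumes only the forms seen in the post (source `any`, destination `any` or `host`, optional `eq`), with first match winning and an implicit deny at the end.

```python
import re
from collections import defaultdict

# Constructed input: the access-list lines and log entry as posted in the thread
# (addresses are masked in the post, so hosts are compared as opaque strings).
CONFIG = """\
access-list acl_out permit tcp any host 12.x.x.98 eq smtp
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host 12.x.x.101 eq www
access-list acl-out permit tcp any host 12.x.x.102
access-list acl-out permit udp any host 12.x.x.102
access-list acl-out permit tcp any host 12.x.x.102 eq www
access-list acl-out permit tcp any host 12.x.x.102 eq 1494
access-list acl-out permit udp any host 12..x.102 eq 1494
"""
LOG = ('106023: Deny tcp src outside:206.x.x.247/3237 '
       'dst inside:12.x.x.102/1494 by access-group "acl_out"')
PORTS = {"smtp": "25", "www": "80"}  # service names used in the post
ACE = re.compile(r"access-list (\S+) (permit|deny) (\S+) any "
                 r"(?:any|host (\S+))(?: eq (\S+))?$")
DENY = re.compile(r'106023: Deny (\S+) src \S+ dst \w+:([^/]+)/(\d+) '
                  r'by access-group "([^"]+)"')

def parse_acls(config):
    """Group entries by list name, keeping order (first match wins)."""
    acls = defaultdict(list)
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            name, action, proto, host, port = m.groups()
            acls[name].append((action, proto, host, PORTS.get(port, port)))
    return acls

def evaluate(entries, proto, dst, port):
    """Return the action of the first matching entry; implicit deny otherwise."""
    for action, e_proto, e_host, e_port in entries:
        if e_proto == proto and e_host in (None, dst) and e_port in (None, port):
            return action
    return "deny"

def explain(config, log):
    """Return the list named in the log and the verdict each list would give."""
    acls = parse_acls(config)
    proto, dst, port, enforced = DENY.search(log).groups()
    return enforced, {n: evaluate(e, proto, dst, port) for n, e in acls.items()}

if __name__ == "__main__":
    print(explain(CONFIG, LOG))
```
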
