72-33
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Configuring Browser Access to Plug-ins
Providing Access to a Citrix Java Presentation Server
As an example of how to provide clientless SSL VPN browser access to third-party plug-ins, this section
describes how to add clientless SSL VPN support for the Citrix Presentation Server Client.
With a Citrix plug-in installed on the ASA, clientless SSL VPN users can use a connection to the ASA
to access Citrix MetaFrame services.
A stateful failover does not retain sessions established using the Citrix plug-in. Citrix users must
reauthenticate after failover.
To provide access to the Citrix plug-in, follow the procedures in the following sections.
• Preparing the Citrix MetraFrame Server for Clientless SSL VPN Access
• Creating and Installing the Citrix Plug-in
Preparing the Citrix MetraFrame Server for Clientless SSL VPN Access
The ASA performs the connectivity functions of the Citrix secure gateway when the Citrix client
connects to the Citrix MetaFrame Server. Therefore, you must configure the Citrix Web Interface
software to operate in a mode that does not use the (Citrix) “secure gateway.” Otherwise, the Citrix client
cannot connect to the Citrix MetaFrame Server.
Note If you are not already providing support for a plug-in, you must follow the instructions in the“Preparing
the Security Appliance for a Plug-in” section on page 72-28 before using this section.
Creating and Installing the Citrix Plug-in
To create and install the Citrix plug-in, perform the following steps:
Detailed Steps
Step 1 Download the ica-plugin.zip file from the Cisco Software Download web site.
This file contains files that Cisco customized for use with the Citrix plug-in.
Step 2 Download the Citrix Java client from the Citrix site.
Step 3 Extract the following files from the Citrix Java client, then add them to the ica-plugin.zip file:
• JICA-configN.jar
• JICAEngN.jar
You can use WinZip to perform this step.
Step 4 Ensure the EULA included with the Citrix Java client grants you the rights and permissions to deploy
the client on your web servers.
Step 5 Open a CLI session with the ASA and install the plug-in by entering the following command in
privileged EXEC mode:
import webvpn plug-in protocol ica URL
URL is the host name or IP address and path to the ica-plugin.zip file.