IPSec / SSL VPN

Juniper SA publish custom ICA

René Jorissen on June 10, 2008 0 Comments • Tags: #2000 #2003 #custom #io #ica #juniper #sa #windows

I have deployed more Juniper SA 2000 appliance and in overall I am pleased with the working of the appliance. Sometimes we have minor problems when publishing ICA sessions through the appliance.

My colleagues have customers with connection problems, where suddenly the ICA sessions get disconnected and we cannot find the cause of these disconnects. Load balancing through the SA is also “hard” to configure. You have to define a custom ICA file and add the correct parameters for load balancing the sessions. In our opinion the Juniper SA appliance is a decent SSL VPN appliance, but not suitable for native Citrix environments. In native Citrix environments we prefer Citrix Secure Gateway or Citrix Access Gateway.

Now I recently noticed something strange with the Juniper SA. I am publishing a ICA session with a custom ICA file. The firmware of the Juniper is 5.5R2.1. Now I noticed that it isn’t possible to connect from a Windows 2003 server. When trying to connect you will receive the following error message:

I/O error

I checked the compatible platforms for Secure Terminal Access and Terminal Services for the 5.5 firmware and yes……Windows 2003 server isn’t supported!!!

Looking at the compatible platform for the latest firmware (6.2) Windows 2003 is supported for Secure Terminal Access and Terminal Services. So I hear you think: JUST UPGRADE THE DAM THING, but I don’t know the impact on the current configuration and published services.

I guess it would be great to check if it is possible to “hack” a Windows 2003 server and adjust the security features of the server. Because I guess that the security policies, introduced in Windows 2003 server, are the cause of not connecting the ICA session.

I hope: TO BE CONTINUED…..

The following two tabs change content below.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.