ICA traffic fail with asymmetric routing in SDWAN
Article ID: CTX281959
Updated On:
Description
ICA traffic fail with asymmetric routing. Ping is successful.
In SDWAN_Diagnostics.log in STS, you can see packets drops with reason - “Not valid for current connection state"
Resolution
If routing asymmetry is expected in the network, then you need to disable ICA classifier in the config :
1) Go to Configuration Editor
2) Select Global->Application
3) Uncheck "Enable Deep Packet Inspection for Citrix ICA Applications"
Please note that other dependent features on ICA classification (like app QoS for ICA) will not work.SD-WAN
Firewall Connection Tracking is enabled by default only for the traffic that uses ICA ports.
1) Go to Configuration Editor
2) Select Global->Application
3) Uncheck "Enable Deep Packet Inspection for Citrix ICA Applications"
Please note that other dependent features on ICA classification (like app QoS for ICA) will not work.SD-WAN
Firewall Connection Tracking is enabled by default only for the traffic that uses ICA ports.
Problem Cause
SD-WAN Firewall Connection Tracking is enabled for ICA traffic by default when ICA classifier is enabled. .This will prevent asymmetric routing traffic .
Was this article helpful?
Yes
No
Powered by
