We've got a proyect that requires a few thin clients to connect to a remote PCoIP server.
Looking to the documentation, the only port required to be open through Firewalls is TCP/UDP 4172, however, we've seen (making interface captures) that it somehow also uses ESP (IP protocol 50).
We've got a static NAT translation translating those thin clients to a public IP address, we've created ACLs to allow inbound (shouldn't be necessary as our user is connecting to a remote server) and outbound traffic for TCP/UDP 4172 and ESP and I cannot make it work.
I've also enabled IPSec pass-through Inspection to no avail.
Does anybody know how should we configure our ASA to enable this kind of traffic?
Thanks in advance.
Sadly I have no expirience with PCoIP. A quick look around online lists multiple ports for it but does not mention anything about ESP.
If you have gone as far as capture traffic on the local network to define which traffic to allow then I am not sure what more can be done in this situation.
I personally usually start troubleshooting by simply looking at the logs of the ASA while attempting the connections. See if anything gets blocked or if some TCP connections are timing out or resetted right away. And as you have done if the logs dont tell anything I resort to capture on the ASA directly and try to confirm what is being sent between the endpoints and if indeed the remote end is responding at all.
Is there any chance that the remote end is blocking something?
Is the view server on the outside interface of the ASA?
If this is the case as long as you are permitting outbound traffic and you have performed the required nat you should be good.
What ports must be open