1
I've got a remote desktop working environment to which I connect to using Citrix Receiver. Having an *.ICA file, is it possible to access the remote network without connecting to the remote desktop using Citrix Receiver? I'm running a Windows 10 Pro machine.
LppEdd
Posted 2018-01-26T10:56:52.920
Reputation: 274
0
An ICA file doesn't disclose anything about the remote network.
It is just a text file (load once in NotePad to see what is in there) that specifies how to connect to the remote desktop or remote application.
There are many options and variants in how to connect en that is why the ICA file contains a whole lot of obscure fields and parameters.
It is possible the ICA file specifies a server-name or ip-address to connect to, but that doesn't mean you can access the corresponding LAN directly. (Could be firewalled so only the Citrix/remote desktop connection is allowed.)
In most cases there is no IP-address for the remote desktop at all, but the ICA file specifies a serverfarm or proxy-server to connect to.
This then establishes the actual connection to the remote LAN on your behalf. Since this serverfarm or proxy sits between you and the remote LAN it isn't necessary for you to have direct access to the remote LAN. And in most cases that remote LAN will NOT be accessible directly as a security measure. Securing the serverfarm or the proxy is in most cases a lot easier than securing the whole remote LAN so it is common practice to use this kind of separation,
So in general: No, the ICA file is usually not useful to figure out how to directly interact with the remote LAN.
Tonny
Posted 2018-01-26T10:56:52.920
Reputation: 19 919
Thanks Tonny. Yes, the ICA file specifies a Server name and address (in a incomprihensible manner). Where would you begin looking for information about the remote network? Now that I look and think better, the Address may be a server farm, as you said – LppEdd – 2018-05-07T15:48:22.727
@LppEdd This Citrix connection of yours. Is this a connection via Internet or on an private/company internal LAN ? If it is via Internet forget it. That network won't be exposed. If it is internal then ping the server-name. That should tell you the ip-address of the server or one of the servers in the farm. traceroute that ip. That should give you the closest gateway to that ip which would be the gateway of the LAN in which the server(farm) resides. Of course it still possible that the remote LAN is something completely different. – Tonny – 2018-05-07T16:08:04.010
Yeah it's a banking network, and this Citrix workstation is accessible via internet (via their web portal). So basically I'm screwed and I'll have to use Citrix – LppEdd – 2018-05-07T16:31:35.740
@lppedd Banking? Thread carefully. Any attempt to circumvent their security (no matter how innocent your intentions) could be taken as a hacking attempt. – Tonny – 2018-05-07T17:40:35.413
Well I own my account, but maybe you're right! Thanks! I'd like to avoid Citrix because the virtual machines are damn slow and banks are reluctant to upgrade. – LppEdd – 2018-05-07T17:47:09.633