I cannot get an ICA client (on a SBS 2003 Box) out through the ISA server.

The ICA client is a red herring here, as the problem is not with the ICA client but with the configuration of ISA.

I have created protocol definitions, protocol rules, packet filters, destination sets, etc. All to no avail.

The ICA client needs TCP outbound access on port 1494.

It might also need UDP send/receive access on port 1604.

All would appear to configured correctly, but.....

Telnet provides a good diagnostic here, since a telnet connection to the target server on port 1494 should produce some inverted triangles bracketing the text ICA in the telnet window. What is produced is instead is an error message that there is no path to the server on the subnet.

The packet filter log shows this:

#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2004-07-02 15:58:06
#Fields: date time source-ip destination-ip
2004-07-02 21:45:45 xxx.13.xxx.189 xxx.53.xxx.13

protocol param#1 param#2 filter-rule interface
Tcp 3979 1494 BLOCKED xxx.13.xxx.189


Any thoughts?