Netscaler Gateway VPX SNIP/VIP Single DMZ NAT rule Help.

I recently purchased a Netscaler Gateway VPX to replace Access Gateway and am having some issues getting it up and running.

I'm running the latest NSVPX Gateway in the DMZ. I have an NSIP that's connected to the internal network and a public routable ip address for the SNIP.

There is a public routable subnet that lives in the DMZ. There is an infrastructure network where all my CTX servers reside.

I've setup a NSIP to be in the same IP range as the infrastructure network
The SNIP is a public IP
I've created a VIP for my VS, which is a public IP

I'm having all sorts of issues with properly setting up NAT rules on a Cisco ASA to get this working. Authentication is being done on the NSVPX, then sent to WI, then the SNIP opens up connections directly to the STA servers (to my understanding)

My issue now is not passing through to the WI. Since WI lives on the inside network, Do I have to make sure that either the WI's private address is sent directly to the NSVPX or i create new NAT rules to change the IP? The WI is currently setup for Gateway Direct.

Once I get to the Netscaler Login page, The login just doesn't work, which means either the WI can't properly authenticate or return the traffic back successfully.

My confusion lies on what kind of traffic does the VIP need to accept or transmit BACK into the internal network. I believe the VIP listens only and the SNIP transmits. If so, then the WI needs to be able to access HTTPS into the VIP address to properly respond to an AUTH request.

Could use a hand on how to properly get this going.

Thanks
Phipps-ITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Phipps-ITAuthor Commented:
It turns out to be nothing on the ASA NAT related. On the Netscaler I needed to enable Mac-Based Forwarding along with making sure I have a SNIP of a private, inside address along with DNS.

Problem solved.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.