Solved

Netscaler Gateway VPX SNIP/VIP Single DMZ NAT rule Help.

Posted on 2014-10-31
  • Citrix
  • Networking
  • Routers
  • Hardware Firewalls
  • Network Operations
Last Modified: 2016-10-25
I recently purchased a Netscaler Gateway VPX to replace Access Gateway and am having some issues getting it up and running.

I'm running the latest NSVPX Gateway in the DMZ. I have an NSIP that's connected to the internal network and a publicly routable IP address for the SNIP.

There is a public routable subnet that lives in the DMZ. There is an infrastructure network where all my CTX servers reside.

I've set up an NSIP in the same IP range as the infrastructure network.
The SNIP is a public IP.
I've created a VIP for my VS, which is a public IP.

I'm having all sorts of issues with properly setting up NAT rules on a Cisco ASA to get this working. Authentication is being done on the NSVPX, then sent to WI, then the SNIP opens up connections directly to the STA servers (to my understanding).

My issue now is not passing through to the WI. Since WI lives on the inside network, do I have to make sure that either the WI's private address is sent directly to the NSVPX, or do I create new NAT rules to change the IP? The WI is currently set up for Gateway Direct.

Once I get to the Netscaler login page, the login just doesn't work, which means either the WI can't properly authenticate or it can't return the traffic successfully.

My confusion lies in what kind of traffic the VIP needs to accept or transmit BACK into the internal network. I believe the VIP listens only and the SNIP transmits. If so, then the WI needs to be able to access HTTPS on the VIP address to properly respond to an AUTH request.

Could use a hand on how to properly get this going.

Thanks
Question by:Phipps-IT
 

Accepted Solution

by: Phipps-IT
ID: 40428772
It turns out to be nothing ASA NAT related. On the Netscaler I needed to enable MAC-Based Forwarding, along with making sure I have a SNIP with a private, inside address, along with DNS.

Problem solved.
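
The three changes named in the accepted solution, written out as NetScaler CLI commands. This is an added example, not part of the original post; the addresses and netmask are constructed placeholders, and the purpose given for the DNS entry is an assumption, since the post only says "along with DNS".

```netscaler
# Addresses below are constructed placeholders, not values from the post.

# 1. MAC-Based Forwarding: send each reply to the MAC address the request
#    arrived from, instead of doing a route lookup for the return path.
enable ns mode MBF

# 2. Add a SNIP on the private, inside network so the appliance has a
#    source address for the connections it opens to internal servers
#    (WI and STA in the setup described above).
add ns ip 10.10.20.5 255.255.255.0 -type SNIP

# 3. Add an internal DNS server (assumed purpose: resolving the names of
#    internal servers).
add dns nameServer 10.10.20.10

# Verify each change, then persist the running configuration.
show ns mode
show ns ip
show dns nameServer
save ns config
```

With MBF enabled the appliance bypasses its routing table for return traffic, so check on the firewall that replies still cross the interface and rules you expect.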