
Netscaler 10.1 Client IP Addresses - Assign specific pools for different User Groups

Hi EE,

We've been running Netscaler 10.1 for a few months now. We have Universal Licenses installed allowing VPN which works beautifully. All connecting clients get a Client IP in a 192.168.29.0/24 subnet currently. I'm looking for a way to carve this up to give specific users specific IP Pools - think Power Users or IT Admins requiring different firewall policies to be applied.

I know the numbers are wrong here but something logically like this:
Standard user: 192.168.29.1-128
User Group X: 192.168.29.129-160
User Group Y: 192.168.29.161-200

Ideally this would be applied based on the Security Group membership of the user.

I'm far from an expert with Netscaler but have become comfortable enough to find my way around it. Any suggestions would be greatly appreciated!

Thank you,

Adam

The following article shows how to assign an IP range to a user or group, but I am testing this in my lab and do not see where in the vserver to define which group gets an IP block... I bet it is some type of added policy to check the user account attributes when they log in.


http://support.citrix.com/proddocs/topic/netscaler-gateway-105/ng-plugin-ip-pooling-config-tsk.html

Good Luck
I am wondering if a responder policy could do this?
Commented:
Couldn't quite get this to provide different IP Pools for different users or user groups. We ended up talking to our firewall manufacturer, Palo Alto, who was able to provide syslog integration with the Netscaler. This let us apply user-based policies on the firewall instead of IP-based rules, which meets our needs quite nicely.

Author

Commented:
Described in my comment.