Citrix Netscaler IP addresses
If I understand Netscaler appliance when it sits in the DMZ, it should have at least 2 Nics connected to External Firewall and 2 Nics connected to the internal firewall.
So how do Netscaler Virtual server IP address and the Mapped IP address get used when the traffic comes in or goes out ?
Is Mapped IP the IP address of the interface of Netscaler facing the inside Network ?
Any explanation ?
Thanks
Who is Participating?
Experts Exchange Solution brought to you by
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
NSIP is the Management interface
I believe the traffic that goes back to external users from inside has a separate interface
That is not Citrix' standpoint at all. Even on the SDX platform, it is routinely positioned to have a SINGLE deployment of NetScaler appliances be able to be connected to multiple different security zones without compromising your security.
Mapped IPs (MIPs) are no longer supported with firmware v11. The only value in learning about them now is to understand how they need to be "dealt with" in terms of upgrades of the appliances to newer firmware versions.
In a nutshell, the NetScaler is the actual endpoint that your client will terminate its connection to. Through proxying, the user's session is extended to the actual back-end server via a connection that originates on the NetScaler. MIPs are basically IPs that are used for this back-end server communication, sort of like performing a NAT on a firewall device. In the newer version of firmware, the option was added to perform this translation using an IP already coded on the NS for actual network communication - the SNIP. This method is what is supported moving forward.
Experts Exchange Solution brought to you by
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Securing… 324 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2010… 203 lessons
Experts Exchange Solution brought to you by
Here is a rundown on the various IPs:
-NetScaler IP (NSIP): Used for management of the NetScalers. The NSIP is also the source of authentication (LDAP, RADIUS, etc) traffic.
-Subnet IP (SNIP): The SNIP has (I believe) completely replaced the MIP with NS 11.0, that is to say MIPs have been deprecated. Communication to private services (DNS, ICA, Web Interface, StoreFront, etc.) originate from the SNIP.
-Virtual IPs: VIPs are used to provide for load balancing and high availability of services. For example, a typical XenApp deployment will have two StoreFront servers for high availability. You can point users directly to one StoreFront server, though if that server goes down users won't be able to connect unless you change DNS, tell them to use a different IP, etc. Instead you should use a VIP that serves as a front end to the StoreFront servers. You point users (and DNS) to the VIP rather than directly to any particular StoreFront server. You can use VIPs for a variety of services: DNS, WWW, etc. You can use them for far more than just Citrix stuff.