Citrix VPX Express Netsclaer won't work on DMZ

I set up a VPX Express Netscaler Gateway (version 10.1: build 131.7.nc) with two virtual nics  for users to access Citrix StoreFront from outside.   The gateway works if I have it on my inside network 10.1.1.0/24, gateway's virtual IP also on the inside subnet with a public IP statically mapped.   It stopped working once I moved it out to my dmz with gateway's virtual IP also changed to the DMZ subnet, same public IP was mapped.  I can't even telnet to the gateway's port 80 or 443 from outside even with all traffic allow to/from the outside.  I am able to access the gateway using a test workstation on the DMZ and logon to StoreFront.   I am also able to telnet to my other public facing web server on DMZ to port 80 and 443, so firewall rules should not be the issue.   I think it might have do with routing on the gateway.  Is there a way to force a default route on the gateway?   Can I change the binding of IPs on gateway's virtual NIC?  Any idea on how may make it work are deeply appreciated.
altonyoungAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian CTXSupportCitrix ConsultantCommented:
You need to change the 0.0.0.0 route to point to the external gateway, presumably the firewall, under System \ Network \ Routes (I think, don't recall 10.1 code for sure).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
altonyoungAuthor Commented:
Brian,

I can't find the path you mentioned.   attached is the screen shot of all folders listed on the gateway.  Thanks.
Capture.PNG
Brian CTXSupportCitrix ConsultantCommented:
The path I mentioned are the menu headings in the NetScaler web GUI, or you can make the change from the command-line interface.  What IPs are bound to the device, and what routes are you showing?
altonyoungAuthor Commented:
Brian,

Sorry I was trying it the hard way.   I found the route under Network\Advance.  Deleted the old default route, added a new default to point it to my firewall and all is working now.    

Thank you very much for your help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Citrix

From novice to tech pro — start learning today.