Incoming user NAT IP towards XenApp environment.

Started by Indranil Dutta, 16 February 2017 - 12:04 PM
6 replies to this topic

Indranil Dutta Members


Posted 16 February 2017 - 12:04 PM

Hi,

We have a scenario to decide on implementation for XenApp 7.x.

Implementation is targeted for only XenApp with session recording. No VDI is required.

1> User --> NAT Firewall --> XenApp StoreFront.

Incoming user IPs are NATed to the same class range as the XenApp application servers' IPs; NAT is done on the firewall in between, before the request comes to XenApp StoreFront. Citrix doesn't even know the actual user IPs; it will receive only the NAT IP. Do we require NetScaler for this environment?

StoreFront and application servers are in the same network, and the other master servers are in another network.

Br/Indranil Dutta



Carl Stalhood CTP Member


Posted 16 February 2017 - 12:14 PM

NetScaler Gateway can proxy all VDAs through a single IP. Thus you only need one NAT.

In general, if there's any NAT between the user and VDA, then you need NetScaler Gateway ICA Proxy.



Indranil Dutta Members


Posted 16 February 2017 - 12:24 PM

> NetScaler Gateway can proxy all VDAs through a single IP. Thus you only need one NAT.
>
> In general, if there's any NAT between the user and VDA, then you need NetScaler Gateway ICA Proxy.

In our setup, we have user networks as follows:

Users come from another class network. The only way to reach Citrix is to NAT the incoming IPs.

Incoming user IPs are NATed on the firewall and reach Citrix. The firewall is between the users and the Citrix servers.

Citrix setup -> No VDI, only XenApp. Please advise if we need NetScaler.



Carl Stalhood CTP Member


Posted 16 February 2017 - 12:35 PM

Do your VDAs have public IPs? Or can the IP addresses configured on the VDAs be reached directly by the clients?

If the clients need to use a NAT'd IP to reach a VDA, then you need NetScaler Gateway.



Indranil Dutta Members


Posted 16 February 2017 - 12:57 PM

No, they cannot be reached directly from the clients. There are two firewalls to reach Citrix. The first firewall will NAT client IPs and the second firewall allows only the ports required to access Citrix. So, in this case, do we still need NetScaler? I mean, how come Citrix has anything to do with NATing? It doesn't know the users' actual IPs. It has to take only the NAT IP and reply to the NAT IP, which will subsequently be changed by the firewall.



Carl Stalhood CTP Member


Posted 16 February 2017 - 01:50 PM

When you build a VDA you put an IP address on it.

Can the clients connect to that VDA Private IP on TCP 1494 and TCP 2598, even if the firewall allows it?

If NAT is needed on the VDA side, then you need NetScaler Gateway ICA Proxy. In other words, if each VDA has a different IP that users need to use to access the VDA, then you need NetScaler Gateway ICA Proxy.

NetScaler Gateway VPX starts at $995. There's even a free NetScaler VPX Express version. Thus, there's no reason to not deploy NetScaler.
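
The reachability question in the reply above (can clients connect to each VDA's own IP on TCP 1494 and TCP 2598?) can be checked from a machine on the client network. The script below is an added example, not part of the original thread; the function names are hypothetical and the addresses are constructed placeholders to be replaced with the IPs configured on your VDAs.

```python
import socket

# TCP ports named in the reply above; a client must reach both on the VDA's own IP.
ICA_PORTS = (1494, 2598)


def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unroutable, or DNS failure
        return False


def assess(vda_addresses, ports=ICA_PORTS, probe=port_open):
    """Probe every VDA address on every port.

    Returns (needs_ica_proxy, results). results maps address -> {port: bool};
    needs_ica_proxy is True when any VDA fails on any port, i.e. clients
    cannot use the address configured on the VDA itself.
    """
    results = {a: {p: probe(a, p) for p in ports} for a in vda_addresses}
    needs_ica_proxy = any(not ok for r in results.values() for ok in r.values())
    return needs_ica_proxy, results


if __name__ == "__main__":
    # Constructed sample addresses (RFC 5737 documentation range).
    # Run this from a client subnet, not from inside the Citrix network.
    vdas = ["192.0.2.11", "192.0.2.12"]
    needed, results = assess(vdas)
    for addr, port_results in results.items():
        for port, ok in port_results.items():
            print(f"{addr}:{port} {'reachable' if ok else 'NOT reachable'}")
    print("NetScaler Gateway ICA Proxy needed" if needed
          else "Clients reach the VDAs directly")
```

A timeout and a refused connection are both reported as not reachable, since either one means the client cannot open the ICA session against that address.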



Indranil Dutta Members


Posted 17 February 2017 - 09:42 AM

Could you please share links to deploy NetScaler Gateway on VPX?