Jump to content


Photo

Netscaler gateway login page is loading continuously

Started by reddy01 , 24 March 2017 - 03:05 PM
4 replies to this topic

reddy01 Members

kumar PUPPALA
  • 8 posts

Posted 24 March 2017 - 03:05 PM

Hi folks,

 

i need urgent help,i am using MPX(5550) physical netscaler appliance.my Device is connected to management network and DMZ Network with two physical interfaces.NSIP is 10.216.28.6 connected to management network through 0/1 interface.my VIP (DMZ) is 10.216.31.10 . i connected to dmz switch port 20 (access port) by using 1/1 physical interface and i made vlan binding to 1/1 interface with subnet ip 10.216.31.11.i tested with other vip as 10.216.28.7 its working but if i browse my dmz vip its loading continuously and not opening the login page.please help  me out from this situation



Aparna Sharma Citrix Employees

Aparna Sharma
  • 26 posts

Posted 31 March 2017 - 05:56 PM

Hi,

 

In this set up is 10.216.31.11 LB VIP or Gateway VIP?

 

Can you please run command in shell- nstcpdump.sh to see if the traffic is even coming to NetScaler or not?



Carl Stalhood CTP Member

Carl Stalhood
  • 11,745 posts

Posted 18 April 2017 - 01:37 AM

Does it work from a machine on the same subnet?

 

What is your default route on the NetScaler? Is the next hop a router on the 1/1 network? Or is it on the 0/1 management network?

 

What kind of VIP? Load Balancing VIP? Are you maybe doing SSL 443 on the front end and HTTP 80 on the back end?



reddy01 Members

kumar PUPPALA
  • 8 posts

Posted 01 May 2017 - 02:57 PM

hi carl,

 yes it is working from machine on the same subnet. my netscaler default route is dmz default gateway and 1/1 networ.it is netscaler vpn vip  based on 443.i enable the MBF,PBR but it is browsing continuously and could not able to open the login page of netscaler gateway portal.vip is in DMZ and we are trying from internal network, additional to that we use palo alto firewall and wild card cert in netscaler...do you think is there any ssl encryption blocking in firewall..?



Carl Stalhood CTP Member

Carl Stalhood
  • 11,745 posts

Posted 01 May 2017 - 05:17 PM

Some firewalls don't let internal users go out and come back in.

Make sure the Palo is not inspecting or classifying the traffic. The traffic must not be decrypted before it reaches the Gateway.