10-16-2014 02:21 AM
Hello,
I want to reach a server, which resides in LAN D, from client LAN A via its public IP (Citrix Netscaler) and HTTPS.
Both nets have the same default gateway device (Cisco 1921, 15.4(1) with virtual interfaces).
The NAT statics for reachability of the server from outside are also configured on this device.
Is there a way to forward packets destined for 93.XXX.XXX.XXX:443 directly to 10.10.1.150 and back from 10.10.0.0/24, without static DNS or host entries on any device?
Config extract:
ip nat inside source static tcp 10.10.1.150 443 93.XXX.XXX.XXX 443 extendable
interface GigabitEthernet0/0
 description *** OUTSIDE ***
 ip address 93.XXX.XXX.XXX 255.255.255.224
 ip nat outside
 ip inspect FW in
 ip inspect FW out
interface GigabitEthernet0/1.2
 description *** LAN A ***
 encapsulation dot1Q 2
 ip address 10.10.0.254 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1.3
 description *** LAN D ***
 encapsulation dot1Q 3
 ip address 10.10.1.254 255.255.255.0
 ip nat inside
Help is very much appreciated.
Kind regards
Alex
10-20-2014 05:21 PM
Hi Alex,
Hope you are doing well!
Since you are using Citrix Netscaler, I wanted to mention a new feature, Automated Policy Based Routing (APBR) and RISE (Remote Integrated Service Engine), that is available on Citrix Netscaler and which might ease your pain points in configuring services.
Here are some details and links:
RISE (Remote Integrated Services Engine) is an innovative, industry-first architecture conceived by the Nexus Services engineering team to seamlessly integrate Nexus switches with appliances offering L2/L3/L4-L7 services. RISE makes the service appliance look like a line card in the Nexus 7K series. This integration allows any appliance to take advantage of the benefits of an in-chassis module such as increased application performance, high application availability, and data center consolidation.
RISE press release on Wall Street Journal: http://online.wsj.com/article/PR-CO-20140408-905573.html
RISE At A Glance white paper: http://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-7000-series-switches/at-a-glance-c45-731306.pdf
RISE announcement blog: http://blogs.cisco.com/datacenter/rise
RISE Video at Interop: https://www.youtube.com/watch?v=1HQkew4EE2g
Cisco RISE page: www.cisco.com/go/rise
Gartner blog on RISE: “Cisco and Citrix RISE to the Occasion”: http://blogs.gartner.com/andrew-lerner/2014/03/31/cisco-and-citrix-rise-to-the-adc-occasion/
Please contact us for a demo/presentation/POC. Please send email to nxos-rise@cisco.com.
Thanks
Avni
11-10-2014 08:38 AM
Thank you for the answer.
But isn't there a way to get my ISR routers (1841/1921) not to NAT addresses which they hold on their own and have statics configured for?
I'm not willing to change my switch fabric base to Cisco Nexus just to get this issue fixed.
(By the way, the Nexus construct with FEXes that have to transmit all their port traffic forward and back to their parent Nexus, instead of passing it directly between their interfaces, is just not acceptable.)
With an ASA this isn't a problem at all.
Kind regards.