Author Topic: Content Switching Problem -> Access Gateway Target  (Read 2960 times)

Offline ds1978

  • Contributor
  • *
  • Posts: 8
  • Karma: 0
Content Switching Problem -> Access Gateway Target
« on: June 24, 2010, 10:35:05 AM »
Hi everyone,

I've got a problem. My https requests hit my content switch vserver, from there I choose where to redirect it to. I can redirect it to every loadbalancing vServer I want (of type HTTPS).
Now, my goal is to send it to the Access Gateway vServer, which is also defined on that NetScaler. So my thought was to define a service in load balancing, with the IP of the Access Gateway vServer and port 443 (of the AG vServer). And that doesn't work; there's an error message saying the address is already in use.

Can you confirm that? Do you know another solution?

Cheers,
Sascha

Offline nzambo

  • VIP Member
  • ***
  • Posts: 37
  • Karma: 3
Why not just redirect to the AGEE FQDN? 

Offline ds1978

  • Contributor
  • *
  • Posts: 8
  • Karma: 0
Where would you configure that?
There's only one official IP, and I want to route ww1.domain.com to one target and ww2.domain.com to another target (here: the Access Gateway vServer).

ww1 and ww2 are pointing to the same IP; routing should be based on the domain. That is no problem, I've a lot of setups like that. But if the target is the Access Gateway, it's not possible to define the service of type SSL.
Interestingly, if you define the service of type "any" it's possible to create the service. But that "any" service, and the LB vServer of type any, you can't bind to the CS vServer.

Offline nzambo

  • VIP Member
  • ***
  • Posts: 37
  • Karma: 3
Are you using responder policies? Or content switching policies?

Also, is there any way to access the AGvServer without a CSVS?

We use responder policies to intercept the traffic and do an http(s) redirect to another more appropriate FQDN. So, like, https://www.domain.com redirects to https://test-agee.domain.com.

I unfortunately have never used straight content switching policies, so if that's what you are after, I can't help. :(

Offline nzambo

  • VIP Member
  • ***
  • Posts: 37
  • Karma: 3
Oh, I think I see what you are getting at - the "target" field in the csvs doesn't list your access gateway vserver.


Offline ds1978

  • Contributor
  • *
  • Posts: 8
  • Karma: 0
Tried also the "edit ns.config" and so I made it an SSL service... but then the AG vServer didn't come up ;-)

Offline nzambo

  • VIP Member
  • ***
  • Posts: 37
  • Karma: 3
Ok.. how's this:

Create your AGvServer on a private ip say, 10.10.10.1, then create an SSL Offload vserver using a valid IP on 443, with this 10.10.10.1 server as the back-end service.  This will facilitate making a vServer available in your content switching server target?


Offline nzambo

  • VIP Member
  • ***
  • Posts: 37
  • Karma: 3
bah - that's not working either because the backend AGvServer ip is actually on the NS - I dunno man, ya got me :)

Offline ds1978

  • Contributor
  • *
  • Posts: 8
  • Karma: 0
I think I will give this to our Citrix TRM... saying this is a problem in the company.... even if it's not ;-)

Offline nzambo

  • VIP Member
  • ***
  • Posts: 37
  • Karma: 3
One thing I was able to accomplish was this - along the same lines of thinking

I created an SSL Offload vServer and bound it to a service that would always be down, then set the backup vServer to the AGvServer - which in essence made it always present the AGvServer as its content.  This SSL offload server was then available in my CSVS.

You would still of course have to create the AGvServer with an internal IP, since you only have one to work with.

That's the best I have :) I'm sure someone will school me soon enough.

Offline ds1978

  • Contributor
  • *
  • Posts: 8
  • Karma: 0
Hm... sounds like an evil solution.... I definitively like it. I'll give it a try, but tomorrow ;-)

Offline ds1978

  • Contributor
  • *
  • Posts: 8
  • Karma: 0
So, after a few tests, I got a perfect result.
First: thanks very much for your advice, though your suggested solution didn't work, because redirecting to the AG does not work, because with redirecting your browser will be redirected to the AG, and that is in my case 10.10.x.x.... which is not accessible through the internet ;-)

But you pointed me in the right direction, and I thought about the pain I have with my four boxes at work, and that NS is not always logical :-)

Solution: I'm not able to create the service pointing to the AG (address already in use), but if you create a service group and then add the IP and port.... yes... it works  ;D

Nice Weekend, cheers,
Sascha

Offline rips420

  • Contributor
  • *
  • Posts: 1
  • Karma: 0
I cannot create a service or service group pointing back to the CAG vServer IP/Port.

I am testing on 9.1 build 101.5

What version are you on? Did you do anything special?

Thanks

Offline ds1978

  • Contributor
  • *
  • Posts: 8
  • Karma: 0
Didn't do anything special within the servicegroup.
I'm using the newest XenServer VM.

Maybe I can try this on our physical boxes with 9.1.... but not today, I'm full of work :-)

Offline evildani

  • Administrator
  • Hero Member
  • *****
  • Posts: 389
  • Karma: 22
Re: Content Switching Problem -> Access Gateway Target
« Reply #14 on: August 03, 2010, 08:39:36 AM »
Be careful with the VPN SSL, it will use ports not configured directly on the VIP. For example, when you try to set up the VPN SSL it will send traffic to port 8080, but the VIP in AGE is only configured on port 443. The same will happen with port 80: if you configure it in LB and use the same IP for AGE you will run into trouble.

Let us know how it goes.