Author Topic: Netscaler remote access issues  (Read 677 times)

Offline GerardGillan

Netscaler remote access issues
« on: November 16, 2011, 09:07:16 AM »
Hi,
First post on the forum, although I've found it a very useful resource so far. I'm really hoping that someone can help me with a problem we are experiencing and that I'm pulling my hair out over.
I'm involved in the deployment of some Netscaler MPX 7500 devices in our datacentre which is hundreds of miles away from our office.
We are experiencing some difficulties with remote access to these devices and investigations have shown that the Netscalers are sending their management traffic with a source IP address of one of the SNIP addresses. This is then getting blocked by our firewall rules.
I have tried adding some PBRs to force all the management type traffic (SNMP, SSH, TACACS etc.) to use the management interface as its source IP and set the next hop as the gateway device for our management VLAN.
Unfortunately this made no difference as we are still seeing the management traffic with a source IP address of one of the SNIP addresses.
Any help will be greatly appreciated

Offline evildani

Re: Netscaler remote access issues
« Reply #1 on: November 16, 2011, 09:14:12 PM »
Could you describe what features and modes are turned on on the NS?
Could you describe your network topology?
Describe the IPs configured on the NS and routes.

There are cases in which the NS uses a specific IP for a specific kind of traffic.

Daniel

Offline GerardGillan

Re: Netscaler remote access issues
« Reply #2 on: November 17, 2011, 09:20:21 AM »
Hi,

Thanks for the reply.

Could you describe what features and modes are turned on on the NS?
enable ns feature WL SP
enable ns mode FR L3 Edge USNIP PMTUD


Could you describe your network topology?
Describe the IPs configured on the NS and routes.
We have three main VLANs in use in our Netscaler environment, Management (VLAN333), Date (111) and PVS(222).
Our NSIP (int 0/1) and a MIP (shared between HA) IP addresses are within the management VLAN, and 0/1 is uplinked to our distribution switch into an access port. The management VLAN has a FW acting as the gateway device. The rules only permit traffic from the management VLAN.
We have two ports (1/1, 1/5) bound together as an 802.1q trunk (int LA/1). We have the VLAN 111 and 222 interfaces tagged on this trunk. Both VLAN 111 and 222 have gateways which are HSRP addresses on our distribution switch.
The default route on the Netscalers is one of these HSRP addresses and we have added some PBRs to route SNMP and TACACS traffic via the management VLAN gateway.


There are cases in which the NS uses a specific IP for a specific kind of traffic.
We are still at the stage of setting up remote access to these devices and the main traffic we are sending to and from the NSIP is SSH, HTTP, TACACS and SNMP.


Again, any help will be much appreciated.