Jump to content
Welcome to our new Citrix community!

NetScaler VPX / NetScaler Gateway with Intranet IP Pools in Azure

Recommended Posts

Hi Community,

I like to setup a NetScaler VPX as Client VPN Gateway in Azure.

I have the requirement to use AAA Group based Intranet IP Pools (IIP) for up to 2000 IPs in different Pools.

We have a similar setup running on premise, which is totally working.

Can you tell me whether and how this is possible?

I read there may be a limitation that the IPs from the pool need to be registered at the NIC in Azure configuration, but I am not sure if this is true, as the IPs will be the Client IPs and the NetScaler will act as kind of a router for them. So I see no reason, why the IPs need to be known at Azure in the first place, beside routing.



Link to comment
Share on other sites

  • 3 weeks later...

Unfortunately, I know the article already and it does super not answer my questions, it generates new ones.

Reserving IPs in the interfaces in Azure generates the following issues:

  1. There is a limit of 256 IPs max per NIC -> I need more than 2000.
  2. It is not possible to add IPs from a different IP range to a NIC -> I would need that for access restrictions.
  3. A dedicated IP can only be bound to one NIC at the same time. So if I use HA, I cannot reserve the same IP in both VPX. This would be necessary to run HA in a good way.

Does this mean HA is not possible with IIPs?

On the other hand we have successfully set up an IPSec appliance from another vendor which does not need to bind its internal "virtual" IPs to the NIC and it is just working with the routing fine.

So, I think there must be a way to set it up without tying everything to the NICs there.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...