Jump to content
Welcome to our new Citrix community!

Use DHCP relay for SSL VPN clients


Davey Huntjens

Recommended Posts

Hi all,

 

we have an issue regarding registering our SSL VPN clients in DNS. Corporate policy is set in such a way that all of our clients get IP through DHCP and DHCP registers the client in DNS. This setting is causing issues for our SSL VPN clients using Netscaler Plugin. In our old Juniper environment, it is possible to set up Juniper as DHCP relay for the clients.

 

I found the article that describes setting up DHCP relay in Netscaler, but cannot find a way to point our clients to us the relay.

 

Any ideas?

 

Kind regards,

 

Davey

Link to comment
Share on other sites

By default, all vpn sessions connect to backend resources using the NetScaler SNIP.

 

To change this, you can assign an IP Address pool to the vpn vserver via intranet IPs.  Then when clients connect they can be assigned a unique internal IP via the vpn vserver.  This pool of IPs can then be rserved from DHCP so there is no conflict with IPs DHCP hands out.  (When looking up this option, note there is a distinct difference between the "Intranet IP" setting and the "Intranet App" setting...they do completely different things.)

 

But the IP address assignment would be handled by the NetScaler and would not be tied to specific users on a reserved basis.

 

The NetScaler doesn't support allocation of IPs via DHCP.

 

If you need fixed IPs per client, then it gets trickier as you would have to assign intranet IPs per user (as opposed to per group or per vpn vserver).

Link to comment
Share on other sites

I’ve asked Citrix NL for a reply on this. For now we allowed the Intranet IP subnet to register accounts in DNS which is working. Not the most elegant solution however so hopefully this can be a new feature in the future.

 

There are more of these things I run into that a product which is more specified to VPN doesn’t have.

Link to comment
Share on other sites

  • 2 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...