Jump to content

Netscaler: DNS Rewrite for SSL VPN Gateway users (Skype for Business Split Tunnel)

Rowen Gunn

Recommended Posts



I'm attempting to setup a Reverse Split Tunnel for the Skype for Business client on our Netscaler SSL VPN. We want everything to come to our internal servers, including DNS, except the specific Skype for Business traffic. One of the steps I need to do is replace our internal DNS entries which would normally go to the VPN clients with either the external IPs for our Skype Edge servers or null/empty answers.


I'm looking for guidance on how to use the Netscaler to replace or rewrite specific a specific DNS entry like lyncdiscoverinternal.domain.com from returning the internal IP to our VPN users. I would prefer the Netscaler somehow block this entry from being seen by my VPN users or tell the clients there is no IP/entry.


Any assistance would be appreciated, getting Skype for Business Reverse Split Tunneled is not easy!

Link to comment
Share on other sites

You could try rewriting server response that is returned so DNS client gets external IP for your link...doman.com entry *https://docs.citrix.com/en-us/netscaler/12/appexpert/rewrite/dns-support-rewrite.html). That would not take much effort and would solve your challege (if I understood it well)


Do you reverse proxy also S4B traffic through NS?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...