Jump to content
Welcome to our new Citrix community!

Citrix Netscaler in CoLo Public IP no NAT

Tom Swift

Recommended Posts

Trying to set up a Netscaler in a CoLocation center where the VIP will have a public IP that's not behind a firewall and not NAT'd.  The Netscaler will be the front end device and route traffic to Internal private IP's.






Other than possibly assigning the public IP to the SNIP, how to I make this work?


Let's hypothetically say the Public IP is:


I plan on having LB VIP's for:

HTTP (TCP Port 80 Traffic). -->

HTTPS (TCP Port 443 Traffic) -->

RDP (TCP Port 3389 Traffic - Filtered so only a short list of public IP's are permitted access) -->


Kind Regards,




Link to comment
Share on other sites

I think you need to provide more info on your scenario.  Why do you think you need the public IP as the SNIP?  (SNIPs are typically only need for the networks the ADC is directing traffic to/destinations.  SNIPs are not usually needed in the public VIP network, unless you have other traffic flow that uses that destination network for outbound destinations too.)


IF the public IP is the load balancing entry pint, then the public IP is the VIP of the lb vserver and it will direct traffic to the destination service IPs, using the SNIP (which should be private).  No special config required and in general you do not want publicly facing SNIPs (without some restrictions/considerations).


If the ADC is responsible for the NAT'ing of the public IP to the internal servers, then you are looking at configuring an RNAT config or INAT config.

Depending on the usage a NAT IP handled by the ADC is the "public ip" and a SNIP or alternate proxy IP is used on the backend to server communication.


RNAT is usualy for requests originating from the server going outbound to external destinations; but multiple servers can be behind the RNAT IP. 

INAT (inbound nat) is used in this type of NAT config for external client to hit NAT IP, and then the ADC maps it to the internal destination.  This is done on a 1:1 basis. Single INAT IP per Destination IP.  However, you only get NAT'ing in this config and none of the ADC proxy features like you would get with LB or CS. (responder/rewrite/cmp/cacheing/ssl offload/etc)

INAT and RNAT are here:  https://docs.citrix.com/en-us/citrix-adc/13/networking/ip-addressing/configuring-network-address-translation/configuring-inbound-network-address-translation-inat.html


RDP Proxy (since you had RDP in the above list), can be implemented with the Gateway via the vpn vserver.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...