Jump to content
Welcome to our new Citrix community!

Issue with TCP port 25 and Use Source IP


Recommended Posts

Hi Mehdi,

 

the usual problem here: The ADC receives data, so it sends a TCP/Syn using client's IP to the backend-server. The backend-server sends a SYN/ACK to the client (but the client does not know the backend-server, so it discards the packet). The ADC waits for the SYN/ACK for a while and eventually gives up.

 

How to solve the problem:

  1. use PBR (policy based routing) on the switch to make sure, the ADC will receive the SYN/ACK. Works great, however, there is some administrative overhead.
  2. set the Citrix ADC as the default gateway for the mail-server. Works great, however, you need more bandwidth (license) on the ADC, as the ADC has to cover all the additional traffic from the mail-server (OS-updates, ...)

Cheers, greetings from sunny Austria

 

Johannes Norz

CCI, CTA, CCE-N

https://blog.norz.at

https://wonderkitchen.network

Link to comment
Share on other sites

Thanks Carl.  In the document it states 

 

Navigate to Traffic Management > Load Balancing > Virtual Servers.====Done

Open a virtual server, select Redirection Mode as MAC Based, and method as SOURCEIPHASH.===I tried to change to Mac based and get this error>>>.MAC/IPTUNNEL mode can be set only for a VIP with wildcard IP or with service type ANY or for a sessionless VIP.  Also I Dont see SourIPHASH as an option

 

In Traffic Settings, select Sessionless Load Balancing.=== I dont see this option

Link to comment
Share on other sites

9 minutes ago, Mehdi Amini1709158376 said:

Thanks Carl.  In the document it states 

 

Navigate to Traffic Management > Load Balancing > Virtual Servers.====Done

Open a virtual server, select Redirection Mode as MAC Based, and method as SOURCEIPHASH.===I tried to change to Mac based and get this error>>>.MAC/IPTUNNEL mode can be set only for a VIP with wildcard IP or with service type ANY or for a sessionless VIP.  Also I Dont see SourIPHASH as an option

 

In Traffic Settings, select Sessionless Load Balancing.=== I dont see this option

Probably you might go with my solution? This one does not require service type ANY, but works with TCP. It works fine for me and several of my customers (and other partner's customers I have seen, including deployments done by Citrix Consulting Services)

Link to comment
Share on other sites

57 minutes ago, Mehdi Amini1709158376 said:

Thanks Carl.  In the document it states 

 

Navigate to Traffic Management > Load Balancing > Virtual Servers.====Done

Open a virtual server, select Redirection Mode as MAC Based, and method as SOURCEIPHASH.===I tried to change to Mac based and get this error>>>.MAC/IPTUNNEL mode can be set only for a VIP with wildcard IP or with service type ANY or for a sessionless VIP.  Also I Dont see SourIPHASH as an option

 

In Traffic Settings, select Sessionless Load Balancing.=== I dont see this option

What is the protocol of your vServer and services?

Link to comment
Share on other sites

SMTP (25)

 

Thanks Carl.  In the document it states 

 

Navigate to Traffic Management > Load Balancing > Virtual Servers.====Done

Open a virtual server, select Redirection Mode as MAC Based, and method as SOURCEIPHASH.===I tried to change to Mac based and get this error>>>.MAC/IPTUNNEL mode can be set only for a VIP with wildcard IP or with service type ANY or for a sessionless VIP.  Also I Dont see SourIPHASH as an option

 

In Traffic Settings, select Sessionless Load Balancing.=== I dont see this option

Link to comment
Share on other sites

TCP (25)

 

Thanks Carl.  In the document it states 

 

Navigate to Traffic Management > Load Balancing > Virtual Servers.====Done

Open a virtual server, select Redirection Mode as MAC Based, and method as SOURCEIPHASH.===I tried to change to Mac based and get this error>>>.MAC/IPTUNNEL mode can be set only for a VIP with wildcard IP or with service type ANY or for a sessionless VIP.  Also I Dont see SourIPHASH as an option

 

In Traffic Settings, select Sessionless Load Balancing.=== I dont see this option

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...