
Multiple ADC RADIUS Client IPs?



We are working on building a second Citrix Gateway on our ADC. Each gateway points to a different RADIUS server to service two different authenticators in our environment. I may be incorrect, but we need to configure each RADIUS server with a different RADIUS client IP. Currently, the first gateway RADIUS client uses the SNIP, and so we have problems if the second gateway uses the same SNIP for its RADIUS client. While both RADIUS servers are unique, they tie into the same environment, and it causes authentication failures if both RADIUS clients use the same IP. I was able to work around this by not load balancing the second RADIUS server, forcing the second gateway to use the NSIP instead of SNIP.

 

With that said, what's the ideal solution here? Ideally, we want to load balance our RADIUS servers and have each gateway's RADIUS client use diverse IPs. Not sure if we need to create another SNIP for the second gateway, or would that even be possible?

 

Any advice or insight into this would be extremely valuable. Thank you for your time!


3 hours ago, Carl Stalhood1709151912 said:

Yep. You can use nstcpdump.sh to confirm which source IP is being used.

Awesome, thanks again! It does appear this is working and RADIUS requests are being sourced from the Net Profile secondary SNIP.

The nstcpdump.sh output shows this order for RADIUS request:

NSIP -> RADIUS vServer
Net Profile IP -> RADIUS service 1
RADIUS service 1 --> Net Profile IP 
RADIUS vServer --> NSIP 

Then does the exact same sequence with RADIUS service 2

Unfortunately, getting RADIUS rejects when using the RADIUS vServer. Works fine when the authentication policy is pointed to a single RADIUS server.

Could be an issue with our Identity Provider, but if you have any other thoughts, please let me know.
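
A capture like the one described above can be summarized per RADIUS server to show which client source IP each backend saw and which backend returned rejects. This is an added example, not part of the original posts; the addresses, sample lines and function names are constructed assumptions, and the input is assumed to be tcpdump's one-line text decode of RADIUS packets.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, not values from the thread).
# 192.0.2.10 = NSIP, 192.0.2.20 = primary SNIP, 192.0.2.21 = Net Profile SNIP,
# 192.0.2.100 = RADIUS LB vServer, 198.51.100.5/.6 = RADIUS services 1 and 2.
SAMPLE = """\
10:00:01.000001 IP 192.0.2.10.3512 > 192.0.2.100.1812: RADIUS, Access-Request (1), id: 0x11 length: 92
10:00:01.000300 IP 192.0.2.21.40112 > 198.51.100.5.1812: RADIUS, Access-Request (1), id: 0x4a length: 92
10:00:01.020000 IP 198.51.100.5.1812 > 192.0.2.21.40112: RADIUS, Access-Accept (2), id: 0x4a length: 40
10:00:05.000300 IP 192.0.2.21.40113 > 198.51.100.6.1812: RADIUS, Access-Request (1), id: 0x4b length: 92
10:00:05.020000 IP 198.51.100.6.1812 > 192.0.2.21.40113: RADIUS, Access-Reject (3), id: 0x4b length: 20
10:00:09.000300 IP 192.0.2.20.40114 > 198.51.100.6.1812: RADIUS, Access-Request (1), id: 0x4c length: 92
"""

# src_ip.src_port > dst_ip.dst_port: RADIUS, <packet type>
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): RADIUS, (Access-\w+)")

def audit(capture, backends):
    """Per backend server: client source IPs seen and reply types returned."""
    report = {b: {"sources": set(), "replies": Counter()} for b in backends}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, _, dst, _, kind = m.groups()
        if kind == "Access-Request" and dst in report:
            report[dst]["sources"].add(src)      # request toward a real server
        elif src in report:
            report[src]["replies"][kind] += 1    # reply coming back from it
    return report

def findings(report, expected_src):
    """Flag requests not sourced from the expected client IP, and rejects."""
    out = []
    for server, r in sorted(report.items()):
        for src in sorted(r["sources"] - {expected_src}):
            out.append(f"{server}: request from unexpected source {src}")
        rejects = r["replies"]["Access-Reject"]
        if rejects:
            out.append(f"{server}: {rejects} Access-Reject")
    return out

if __name__ == "__main__":
    rep = audit(SAMPLE, ["198.51.100.5", "198.51.100.6"])
    print("\n".join(findings(rep, "192.0.2.21")) or "no findings")
```

The NSIP to vServer leg is ignored because only traffic to and from the listed backend servers is counted.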
