Configuring Netscaler for multiple seperate networks/VLANs

[Duane Abrames]

I am looking for some tips or guidance on configuring netscaler for my environment. Basically I have multiple different networks, each behind its own firewall. I want to use one netscaler appliance to provide Citrix Gateway servers into all the networks. netscaler is virtual, and I intend on passing each network to NS as tagged VLANs. The special sauce I have not yet found is how to make netscaler route reply traffic for each SNIP/VIP to its corresponding gateway. Right now, traffic from the netscaler all originates from the VLAN where the NSIP is, with the correct SNIP attached. That works now because I have a layer3 switch in place routing the traffic between networks, but I am in the process of adding more internal firewall partitions to the network, and having that traffic flow pattern will no longer work once I remove the layer-3 switch routing to isolate the networks from each other.

Here is an example. Each /24 has its own VLAN, firewall and Citrix DDC/SF server.

I do realize I could just provision a netscaler on each network, but these Citrix environments are quite small, and we don't want to take on the licensing cost for multiple appliances.

[Carl Stalhood]

MBF (Mac Based Forwarding) will send replies to the same MAC/interface/VLAN that the request came from.

For Layer 3 outbound routing, NetScaler will use a SNIP on the same subnet as the next hop gateway/router. Add routes to the routing table.

Another option is PBRs for traffic that have particular VIPs are source IP.