NetScaler with Cisco ASA for Web DMZ

Unanswered Question
Feb 12th, 2010

Hi, I have to design my DMZ. I am using Cisco ASA, Netscaler for that.

On the front end, I am using Cisco ASA 5440 having Public IP on outside & Private IP on DMZ interface.

I am connected Netscaler to DMZ interface of ASA. I will activate Private IP on both interfaces of Netscaler & would activate Static NAT of ASA for public IP which are registered with ISP.

I want to know, is it mandatory to enable Public IP on outside interface of Netscaler ? Or NAT on ASA for public IP will also work?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Sat, 02/13/2010 - 00:32

Hi, I have to design my DMZ. I am using Cisco ASA, Netscaler for that.

On the front end, I am using Cisco ASA 5440 having Public IP on outside & Private IP on DMZ interface.

I am connected Netscaler to DMZ interface of ASA. I will activate Private IP on both interfaces of Netscaler & would activate Static NAT of ASA for public IP which are registered with ISP.

I want to know, is it mandatory to enable Public IP on outside interface of Netscaler ? Or NAT on ASA for public IP will also work?

Hi Rupesh,

If firewall is the front end for outside world then better and safe option you apply nat for private ip address of the netscaler and permit rule as per the requirement in ASA.

Hope to help

If helpful do rate the post

Ganesh.H

Rupesh Kashyap Sat, 02/13/2010 - 01:17

I want to know one thing, like I will configure Static NAT on ASA which will convert Public IP to Private IP.

Is it possible to use Private IP on the outside interface of Netscaler or CSS which should work like VIP (Virtual Server IP)?

Actions

This Discussion