Solved: Citrix CSG and STA issue

pengfang · ‎10-04-2006

Hi all,

I got some problem with implementation PIX v7.21 with Citrix application server.My scenario is Citrix CSG server (Web interface Server) stays in DMZ,Citrix STA server stays in inside network,when I use static (inside,dmz) command to hide real IP of STA server, the CSG could not talk to mapped IP,it pop up some error message like " no specific IP address of the server found" ,I'm sure I can ping mapped IP from DMZ.then I changed staic command to "static (inside,dmz) Real-ip of STA server Real-ip of STA server", it is like no nat,so it works.My question is can I use static NAT for hidding inside IP in this Citrix case or Citrix hardcode the IP of STA we can not change ?

Aaron Harrison · ‎10-05-2006

Hi

I've usually implemented CSG/STA with the traffic to the CSG natted and traffic from CSG to STA not natted.

It sounds like STA is responding with it's IP embedded in higher-layer protocol which isn't natted with the IP header...

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

View solution in original post

Aaron Harrison · ‎10-05-2006

Hi

I've usually implemented CSG/STA with the traffic to the CSG natted and traffic from CSG to STA not natted.

It sounds like STA is responding with it's IP embedded in higher-layer protocol which isn't natted with the IP header...

Aaron

Please rate helpful posts...

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

pengfang · ‎10-05-2006

Thanks Aaron.