Alternative for Hairpinning / DNS static host entry

Hello,
I want to reach a server, which resides in LAN D, from client LAN A via its public IP (Citrix Netscaler) and HTTPS.
Both nets have the same default gateway device (Cisco 1921, 15.4(1) with virtual interfaces).
The static NAT entries for reachability of the server from outside are also configured on this device.
Is there a way to forward packets destined for 93.XXX.XXX.XXX:443 directly to 10.10.1.150 and back from 10.10.0.0/24, without static DNS or host entries on any device?
Config extract:
ip nat inside source static tcp 10.10.1.150 443 93.XXX.XXX.XXX 443 extendable
interface GigabitEthernet0/0
 description *** OUTSIDE ***
 ip address 93.XXX.XXX.XXX 255.255.255.224
 ip nat outside
 ip inspect FW in
 ip inspect FW out
interface GigabitEthernet0/1.2
 description *** LAN A ***
 encapsulation dot1Q 2
 ip address 10.10.0.254 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1.3
 description *** LAN D ***
 encapsulation dot1Q 3
 ip address 10.10.1.254 255.255.255.0
 ip nat inside
Help is very much appreciated.
Kind regards
Alex

Hi Alex,
Hope you are doing well!
Since you are using Citrix Netscaler, I wanted to mention a new feature, Automated Policy Based Routing (APBR) and RISE (Remote Integrated Service Engine), that is available on Citrix Netscaler and might ease your pain points in configuring services.
Here are some details and links
RISE (Remote Integrated Services Engine) is an innovative, industry-first architecture conceived by the Nexus Services engineering team to seamlessly integrate Nexus switches with appliances offering L2/L3/L4-L7 services. RISE makes the service appliance look like a line card in the Nexus 7K series. This integration allows any appliance to take advantage of the benefits of an in-chassis module such as increased application performance, high application availability, and data center consolidation.
RISE press release on Wall Street Journal : http://online.wsj.com/article/PR-CO-20140408-905573.html
RISE At A Glance white paper: http://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-7000-series-switches/at-a-glance-c45-731306.pdf
RISE announcement blog: http://blogs.cisco.com/datacenter/rise
RISE Video at Interop: https://www.youtube.com/watch?v=1HQkew4EE2g
Cisco RISE page: www.cisco.com/go/rise
Gartner blog on RISE: “Cisco and Citrix RISE to the Occasion”: http://blogs.gartner.com/andrew-lerner/2014/03/31/cisco-and-citrix-rise-to-the-adc-occasion/
Please contact us for a demo/presentation/POC. Please send email to [email protected]
Thanks
Avni

Similar Messages

  • Alternative for "Commode" parameter in Host command

    Dear Buddies
    As we use "Commode" parameter to run report (using Run Product built-in), so can we use it in "Host ifrun60" command too to run our reports in "Asynchronous" communication mode?? I've tried this in my Host command like this
    .....commode=asynchronous....
    Or is there any alternative for this parameter to use in Host command?

    Host built in is used to invoke any executable from forms. It can be used to invoke calc , word or any exe
    I don't think it's a good idea to use the Host built-in, since you will not get the status.
    Use run_product or run_report_object
    Rajesh ALex

  • WAP200 and entry for primary dns cannot be 0 and 255

    I have a wap200 with a static ipaddress e.g. 192.168.249.205/24 (it is for management and is in vlan 1). Firmware of the wap is 2.0.4.0. No gw and no dns (they are not necessary). I export the config. I have a second wap200 and import the config.bin to the new wap. Then I like to change the static address and the name of the new wap, but - and this is the problem - it asks me to fill out the dns (the address for primary dns cannot be 0 and 255), but I absolutely don't want that because there is no dns or gw (management only). And if I fill it out I cannot go to the internet with the wap.
    So I also have some other wap200 where I could import the config.bin and change the static ip without giving a dns (firmware 2.0.1.0).
    So my question is: can I go back to a previous firmware (Europe) and where can I find it. Looked for it, but seeing only the last one 2.0.4.0 etsi.
    Or is there another method to skip the dns with a static ipaddress?
    many many thanks in advance.
    Kurt

    Hello Stephanie,
    If you’ve received this mail twice, you can delete one of them. It was not the intention.
    Best regards,
    Kurt Stichelmans
    Goodmorning Stephanie,
    First a great thanks for replying to my question.
    For explaining my situation I ‘ll try to give you a full view.
    I have 3 vlans configured on the network through a Motorola wireless ws5100 switch . Vlan 1 (192.168.249.xxx/24): management, vlan 2 (172.20.176.xxx/24): for the public, vlan 3(10.63.128.xxx/20): for internal users only.
    I have 4 wap200 configured of which one is having trouble. I configured the other three as follows: starting, connecting, giving it an ipaddress in the management vlan and upgraded the firmware from version 2.0.1 to 2.0.4. When I connect to the wireless ssid “public” I get an ipaddress from the range 172.20.176.x. When I connect to the ssid “internal users” I get an ip from the range 10.63.128.x and when I connect to the ssid “management” I get an ip from the range 192.168.249.x. The last one is only for management so I can not go to the internet from here (which is ok), from the other two I can go to the internet as wished and the two ssid’s can not communicate with each other as wished.
    Important: the ipaddress of the wap200 has an ipaddress 192.168.249.200/24 with no dns input (no dns is needed so..)
    With the fourth one I did first a firmware upgrade and I imported the config of another wap200 (one of the first three). Then I wanted to reconfigure the wap (ipaddress) but when I change the ipaddress and click on save I have to give also a dnsentry. (When I do this with the other wap200 it’s asking me also a dnsentry, so it must be the firmware). When I give a dns entry I cannot go to the internet with ssid “public” nor “internal user”.
    So what I thought is to go back to firmware 2.0.1 and then import the config of another wap200. So I can change the ipaddress without the need of a dnsentry. After that I can upgrade to the last firmware. And job done.
    Hope you can help me to make the situation usable.
    Kind regards
    Kurt Stichelmans

  • IView N/A Component N/A check host entries for System SAP_ITS_XSS

    Hi,
    If I enter the purchasing area, the same failure occurs for each link:
    Portal Runtime Error
    An exception occurred while processing a request for :
    iView : N/A
    Component Name : N/A
    Application URL ':///sap(ZT1CNE1Oa0dZV2NVTnNGTlBrTjJOZkF3JTNEJTNENnIwcUVRM0ZVdlRJN1QwQVd3dDdRdyUzRCUzRA==)/bc/gui/sap/its/BBPSC01' is not valid! Please check the protocol and host entries for system 'SAP_ITS_XSS'..
    See the details for the exception ID in the log file.
    the url changes each time.
    can anyone help me?
    regards
    sleepy_head

    Hi,
    Please check the System Definition of SAP_ITS_XSS in SYSTEM ADMINISTRATION. In this, Please check the CONNECTOR and ITS properties.
    Please check if all the entries are fine.
    Regards,
    Raja Sekhar

  • Static Arp Entry for Exchange 2010

    Hello All,
    I was hoping someone could assist with an issue that our Exchange team are having, specifically with replication traffic traversing our DC to DR site.
    The infrastructure consists of a Layer 3 data centre and a disaster recovery site, so essentially it's a live/backup environment. Both the DC and DR site are connected with a LES using routed interfaces.
    The Exchange cluster at the DC is associated with the following subnets:
    MAPI - 10.1.30.X
    Replication: 10.1.230.X
    DR site has the following subnets associated with the Exchange cluster:
    MAPI - 192.168.4.X
    Replication - 192.168.230.X
    When an attempt is made to create a database/mailbox on an exchange server at the DC and copy it using  the replication subnet source: 10.1.230.X to destination subnet: 192.168.230.X, the copy process fails.
    Replication traffic in general going from DC to DR or vice-versa is subject to constant problems and seems unreliable. Our exchange team have to manually copy mailboxes from one cluster to the other using Windows explorer which works fine.
    The Exchange cluster at both sites reside within a VMWare ESX enclosure and connect to Cisco 6500 switches. Would the Cisco switches require a static arp entry for their respective Exchange clusters, which should be configured on each switch? If this was missing could this be the root cause of the replication problems we're experiencing? Or does this depend on whether the exchange cluster is using NLB Unicast or Multicast mode?
    Any assistance would be most appreciated.
    Regards,
    Jamie

    Jamie,
    Have a look at this link:-
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
    It depends on how the team NLB is set up.
    You may need static mac & static arp as well as disabling igmp snooping if multicasting is being used.
    Regards,
    Alex.
    Please rate useful posts.

  • Alternative for integrating Portal to Sap Webwas 6.20 (without ITS)

    Hello
    I have a scenario in which I should open SAP Transactions from Uwl tasks in Portal, without ITS (as sap Webwas doesn't have embedded ITS).
    I get the following error:
    iView : pcd:portal_content/every_user/general/uwl/com.sap.netweaver.bc.uwl.uwlSapLaunch
    Nome de componente : com.sap.portal.appintegrator.sap.Transaction
    Exception in SAP Application Integrator occured: Application URL ':///sap(ZT01VUxMbEJHNHpWWUIzVyUyQjRZWm5lWnclM0QlM0R1NjYlMkZzcklXQ3Z4WXJPV3g5OXVvVnclM0QlM0Q=)/bc/gui/sap/its/webgui' is not valid! Please check the protocol and host entries for system 'R3_SYSTEM'..
    Is there any alternative for accessing the SAP Transactions in UWL without ITS?
    I tried to change the Uwl XML to call a custom view, but nothing has changed, the result is the same. I changed from:
        <ItemType name="uwl.task.webflow.TS01000096.R3_SYSTEM" connector="WebFlowConnector" defaultView="DefaultView" defaultAction="launchSAPAction" executionMode="default">
          <ItemTypeCriteria systemId="R3_SYSTEM" externalType="TS01000096" connector="WebFlowConnector"/>
          <Actions>
            <Action name="launchSAPAction" groupAction="" handler="SAPIACLauncher" returnToDetailViewAllowed="yes" launchInNewWindow="yes" launchNewWindowFeatures="resizable=yes,scrollbars=yes,status=yes,toolbar=no,menubar=no,location=no,directories=no">
              <Properties>
                <Property name="newWindowFeatures" value="resizable=yes,scrollbars=yes,status=yes,toolbar=no,menubar=no,location=no,directories=no"/>
                <Property name="openInNewWindow" value="yes"/>
                <Property name="display_order_priority" value="5"/>
                <Property name="IAC" value="WS01000060"/>
              </Properties>
              <Descriptions default=""/>
            </Action>
          </Actions>
        </ItemType>
    To:
              <ItemType name="uwl.task.webflow.TS90300030.R3_SYSTEM" connector="WebFlowConnector" defaultView="DefaultView" defaultAction="launchIView" executionMode="default">
                   <ItemTypeCriteria systemId="R3_SYSTEM" externalType="TS90300030" connector="WebFlowConnector"/>
                   <Actions>
                        <Action name="launchIView" handler="IViewLauncher">
                             <Properties>
                                  <Property name="iview" value="pcd:portal_content/myISRDispatcher"/>
                                  <Property name="openInNewWindow" value="yes"/>
                             </Properties>
                             <Descriptions default="launchIView"/>
                        </Action>
                   </Actions>
              </ItemType>
    Thanks

    Hi Vitor,
    This is not possible.
    If you want to call backend transactions you will need to use the ITS: ITS 6.20 for backend releases with kernel 6.20 (and lower) or the Integrated ITS with kernel >= 6.40. SAP notes 709038 and 325616 can give you more information.
    Best regards,
    Cristiano

  • Static PAT entry blocking Branch site from accessing resource on same port. How to get around this?

    Hello, I have a UC560 and UC540 connected using an IPSec Site to Site tunnel.
    There is a server on the main site they are trying to access (let's say the IP is 192.168.1.252) and they need to access this server on ports 13000, 14000, and 15000.
    Unfortunately, since there are users from the internet and other places that need to access this server on these ports, these static pat entries are in the server (let's say 99.99.99.99 is the WAN IP):
    ip nat inside source static tcp 192.168.1.252 13000 99.99.99.99 13000 extendable
    ip nat inside source static tcp 192.168.1.252 14000 99.99.99.99 14000 extendable
    ip nat inside source static tcp 192.168.1.252 15000 99.99.99.99 15000 extendable
    The users in the branch site that is connected via VPN can reach this server on all TCP ports (RDP, http, etc.) so that's not the issue. When I remove these nat statements, the VPN users can access the resource via that port (i.e. telnet 192.168.1.252 13000) whereas they are shut down and the connection fails if the static pat entries are in there.
    I need to have outside users and VPN users be able to access this server whether they are coming in across the VPN going to 192.168.1.252:13000 or coming in from the internet on 99.99.99.99:13000.
    Is there a way around this other than forcing the VPN users to access this server via the WAN IP for these ports? And does anyone know the logic behind this? I'm curious. From what I've seen in other cases, this is expected behavior, I'd just like a better understanding of it.
    Any help on this would be GREATLY appreciated! Thank you

    I hope I explained this properly. If not, please let me know!
    Thanks

  • Static NAT entry disappears when using NVI on Cisco 1921 (Multiple versions)

    We have a Cisco 1921 as an IPSec tunnel endpoint where we assign static NAT entries. It is a static one-to-one NAT putting each remote endpoint as a local /24 subnet. We are using NVI and we see some of these static entries disappear when packets are unable to reach the destination. 
    The production router is running 15.0(1r)M16 but we were able to reproduce this same behavior on 15.4(1)T2.
    To reproduce, we add the static NVI entry:
    ip nat source static X.X.X.X 172.30.250.11
    And things look good for a bit:
    ROUTER# sh ip nat nvi trans | i 172.30.250.11
    gre 172.30.250.11:0 X.X.X.X:0 Y.Y.Y.Y:0 Y.Y.Y.Y:0
    --- 172.30.250.11 138.54.32.9 --- ---
    tcp Y.Y.Y.Y:60360 Z.Z.Z.Z:60360 172.30.250.11:22 X.X.X.X:22
    There is a known issue with GRE traffic being dropped at this particular endpoint, so after generating GRE traffic, the entry completely disappears:
    ROUTER# sh run | i 172.30.250.11
    ROUTER#
    ROUTER# sh ip nat nvi trans | i 172.30.250.11
    gre 172.30.250.11:0 X.X.X.X:0 Y.Y.Y.Y:0 Y.Y.Y.Y:0
    icmp Y.Y.Y.Y:59916 Z.Z.Z.Z:59916 172.30.250.11:59916 172.30.250.11:59916
    tcp Y.Y.Y.Y:60360 Z.Z.Z.Z:60360 172.30.250.11:22 X.X.X.X:22
    I can reproduce this by severing the tunnel to any other remote site, and after generating GRE traffic to the downed endpoint, the corresponding static NAT entry will disappear.
    Debugging has not shown anything, and I have found some mentions of similar behavior on older versions. Has anyone seen this? We don't have support access to test all versions, so if it is known to be resolved in a particular one, we would love to know to work towards loading that version.
    Thanks

    Hi Ryan,
    ASA cannot have 2 default routes, it can only have one. ASA also doesn't support PBR, so the setup that you are trying to configure would not work on the ASA. A router is the correct option for it.
    Hope that helps.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC

  • RZ20 server host entries disappear under Operating System Node

    Hi,
    I am trying to setup auto reaction methods in RZ21 and want to assign them to properties in RZ20 on SolMan (as my CEN) under
    Operating System -> <server host> -> filesystems -> <file path of choice> -> Percentage_Used
    for the percentage_used i assign an auto reaction method and save it. Now it seems for some bizarre reason, some of the server hosts entries under Operating Systems disappear at the next auto refresh and reappear and i lose my assigned auto reaction methods, which means i have to redo it again.
    does anyone else have or had this problem and have a solution for this?
    your help would be much appreciated.
    Mani

    I would not encourage using root user.
    Your oracle user may not have the correct permissions. You need to ensure that oracle is in the required OS group and has the required privileges and file permissions. Ensure that root.sh was run during your install.
    If you check the corresponding trace files under
    $ORACLE_HOME/sysman/log/ you may find more detailed message.
    e.g emagent.trc

  • OTL Error - Hrs - Element link does not exist for the duration of the entry

    Hi,
    We had a few new people start just before xmas however when the person entering their record did it, they didn't date-track the additional assignment time information record to the start of the week (they did however correctly date-track their employee and assignment record) so when the timecard was filled in errors were thrown up.
    Since then I have gone back into the employees assignment time record, purged it and then re-created it effective from the week beginning.
    However when we try to enter time for them now using delegated self service, the following error is shown for the two days which were originally excluded from the date-tracked record:
    Hrs - Element link does not exist for the duration of the entry Cause: The link has been purged or date effectively deleted. Action: Check the effective start and end dates on the link definitions for this element. The original record should have been created from the 19th dec 2009 however was done from the 23rd by accident. I have since been in and replaced it with a record effective from the 19th.
    I have re-run the security list generation (we are using static list).
    The only thing I can find on metalink is 372086.1 which doesn't really describe the problem or help!!
    The people don't appear in the timekeeper form though which is strange. I really can't see any reason why their record isn't valid - no data is missing. Do I need to run a job to update the information or something?
    We are using 11.5.10.2
    Thanks

    Well would you believe it!? After much late night meddling around, I noticed one employee worked! There was absolutely no difference in any settings between his record and a persons who did not work. So I went into another employees record, changed his name and saved (correcting). Tried again and he worked fine! So, just by changing the employee name it seems to have worked for self service! I still cannot see them in timekeeper which is worrying however at least we can get time in for them now!
    If anyone knows why I may not be able to see them in timekeeper (even using an un-secured responsibility) then that would be a great help! :)

  • Alternative For tabIndex

    Hi Friends,
    I am using JDeveloper 11.1.2. In my application I need to achieve tab order. In ADF I can't find the tab index. I need the alternative for tab index in ADF. Any type of suggestions always welcome.
    Thanks ,
    Arun D.

    Hi..
    Check
    Controlling tab order in an ADF Form
    http://blogs.oracle.com/shay/entry/controlling_tab_order_in_an_ad
    How-to control the keyboard tab behavior in a LOV field
    http://blogs.oracle.com/jdevotnharvest/entry/how-to_control_the_keyboard_tab_behavior_in_a_lov_field
    ADF Faces setting the tab order between fields

  • Alternative for EXEC command(Native SQL)

    Hi Friends,
    While using the EXEC command in native SQL it is showing the obsolete error. Can anyone help by giving the alternative for the commands for native SQL?
           Immediate

    In a Native SQL statement, data is passed between the ABAP program and the database using host variables. A host variable is an ABAP variable that is identified as such in the Native SQL statement by a preceding colon (:).
    Example
    Displaying an extract from the table AVERI_CLNT:
    DATA: F1(3), F2(3), F3(3).
    F3 = ' 1 '.
    EXEC SQL.
      SELECT CLIENT, ARG1 INTO :F1, :F2 FROM AVERI_CLNT
             WHERE ARG2 = :F3
    ENDEXEC.
    WRITE: / F1, F2.
    To simplify the form of the INTO lists in the SELECT statement, you can, as in Open SQL, specify a single structure as the target area.
    Example
    Displaying an Extract from the Table AVERI_CLNT:
    DATA: BEGIN OF WA,
            CLIENT(3), ARG1(3), ARG2(3),
          END OF WA.
    DATA  F3(3).
    F3 = ' 1 '.
    EXEC SQL.
      SELECT CLIENT, ARG1 INTO :WA FROM AVERI_CLNT
             WHERE ARG2 = :F3
    ENDEXEC.
    WRITE: / WA-CLIENT, WA-ARG1.
    Native SQL supports the directly-executable commands of your underlying database system. There are other special commands that you can use after the EXEC SQL statement for cursor handling, stored procedures (procedures stored in the database), and connections to other databases.
    Cursor Processing

  • Alternative for replaceAll()

    The replaceAll(String,String) is supported in Java version 1.4 only and not in 1.3. Can anyone suggest an alternative for the function in Java 1.3?

    There's a regex package for 1.3 that the 1.4 stuff is based on. I think it's hosted at apache or sourceforge. Google for it.

  • Alternative for SE16

    Is there any alternative for SE16 to check number of entries in tables.
    Scenario is,
    Based on filter company code, find number of records in BKPF and then in BSEG. Is there any other way?
    thanks,

    Hello Mark,
    thanks for reply.
    I am checking if there is any alternative for SE16.
    Since the BSEG table is big and in most of the cases in foreground with SE16 it will give time out error.
    I know we can check by running SE16 in a background job.
    This is the reason I am wondering if there is any another option.
    regards,
    Sant

  • Alternative for inner joins

    Hi,
    Please check this code and suggest an alternative for it, performance-wise.
    SELECT b~partner
                      APPENDING CORRESPONDING FIELDS OF
                      TABLE t_db_pos_match
                        FROM adrc AS a
                        JOIN but020 AS b
                          ON   a~addrnumber = b~addrnumber
                        JOIN but000 AS c
                          ON   b~partner    = c~partner
                        WHERE  c~partner   NE t_bp_obj-act-ekun-partner
                          AND  c~mc_name1   = t_bp_obj-act-ekun-name_last
                          AND  a~city1      = wa-city1
                          AND  a~post_code1 = wa-post_code1
                          AND  a~po_box     = wa-po_box
                          AND  a~street     = wa-street
                          AND  a~house_num1 = wa-house_num1
                          AND  a~house_num2 = wa-house_num2
                          AND  a~region     = wa-region
                          AND  a~addr_group = 'BP'.
    awaiting your reply.
    Binay.

    HI
    *PARAMETERS P_CITY TYPE SPFLI-CITYFROM.
    **TYPES: BEGIN OF ENTRY_TAB_TYPE,
            CARRID TYPE SPFLI-CARRID,
            CONNID TYPE SPFLI-CONNID,
          END OF ENTRY_TAB_TYPE.
    **DATA: ENTRY_TAB   TYPE TABLE OF ENTRY_TAB_TYPE,
         SFLIGHT_TAB TYPE SORTED TABLE OF SFLIGHT
                          WITH UNIQUE KEY CARRID CONNID FLDATE.
    **SELECT CARRID CONNID
          FROM SPFLI
          INTO CORRESPONDING FIELDS OF TABLE ENTRY_TAB
          WHERE CITYFROM = P_CITY.
    **SELECT CARRID CONNID FLDATE
          FROM SFLIGHT
          INTO CORRESPONDING FIELDS OF TABLE SFLIGHT_TAB
          FOR ALL ENTRIES IN ENTRY_TAB
          WHERE CARRID = ENTRY_TAB-CARRID AND
                CONNID = ENTRY_TAB-CONNID.
    TRY LIKE THIS
    REWARD IF USEFULL
