Alternative for Hairpinning / DNS static host entry

I want to reach a server, which resides in LAN D from client LAN A via its public IP (Citrix Netscaler) and https.
Both nets have the same default gateway device (Cisco 1921, 15.4(1) with virtual Interfaces).
On this device also the NAT statics for reachability of the server from outside are configured.
Is there a way to forward packets destined for 93.XXX.XXX.XXX:443 directly to and back from, without static DNS or host entries on any device?
Config extract:
ip nat inside source static tcp 443 93.XXX.XXX.XXX 443 extendable
interface GigabitEthernet0/0
 description *** OUTSIDE ***
 ip address 93.XXX.XXX.XXX
 ip nat outside
 ip inspect FW in
 ip inspect FW out
interface GigabitEthernet0/1.2
 description *** LAN A ***
 encapsulation dot1Q 2
 ip address
 ip nat inside
interface GigabitEthernet0/1.3
 description *** LAN D ***
 encapsulation dot1Q 3
 ip address
 ip nat inside
Help is very much appreciated.
Kind regards

Hi Alex,
Hope you are doing well!
Since you are using Citrix Netscaler I wanted to mention a new feature Automated Policy based Routing (APBR) and RISE (Remote Integrated Service Engine) that is available on Citrix Netscaler which might ease your pain points in configuring services.
Here are some details and links
RISE (Remote Integrated Services Engine) is an innovative, industry-first architecture conceived by the Nexus Services engineering team to seamlessly integrate Nexus switches with appliances offering L2/L3/L4-L7 services. RISE makes the service appliance look like a line card in the Nexus 7K series. This integration allows any appliance to take advantage of the benefits of an in-chassis module such as increased application performance, high application availability, and data center consolidation.
RISE press release on Wall Street Journal :
RISE At A Glance white paper:
RISE announcement blog:
RISE Video at Interop:
Cisco RISE page:
Gartner blog on RISE: “Cisco and Citrix RISE to the Occasion”:
Please contact us for a demo/presentation/POC. Please send email to [email protected]

Similar Messages

  • Alternative for "Commode" parameter in Host command

    Dear Buddies
    As we use "Commode" parameter to run report (using Run Product built-in), so can we use it in "Host ifrun60" command too to run our reports in "Asynchronous" communication mode?? I've tried this in my Host command like this
    Or is there any alternative for this parameter to use in Host command?

    Host built-in is used to invoke any executable from forms. It can be used to invoke calc, word or any exe.
    I don't think it's a good idea to use host built since you will not get the status.
    Use run_product or run_report_object
    Rajesh ALex

  • WAP200 and entry for primary dns cannot be 0 and 255

    I have a wap200 with a static ipaddress e.g. (it is for management and is in vlan 1). Firmware of the wap is No gw and no dns. (they are not necessary) I export the config. I have a second wap200 and import the config.bin to the new wap. Then I like to change the static address and the name of the new wap, but - and this is the problem - it asks me to fill out the dns (the address for primary dns cannot be 0 and 255), but I absolutely don't want that because there is no dns or gw (management only). And if I fill it out I cannot go to the internet with the wap.
    So I also have some other wap200 where I could import the config.bin and change the static ip without giving a dns (firmware
    So my question is: can I go back to a previous firmware (Europe) and where can I find it. Looked for it, but seeing only the last one etsi.
    Or is there another method to skip the dns with a static ipaddress?
    many many thanks in advance.

    Hello Stephanie,
    If you’ve received this mail twice, you can delete one of them. It was not the intention.
    Best regards,
    Kurt Stichelmans
    Good morning Stephanie,
    First a great thanks for replying to my question.
    For explaining my situation I'll try to give you a full view.
    I have 3 vlans configured on the network through a Motorola wireless ws5100 switch . Vlan 1 ( management, vlan 2 ( for the public, vlan 3( for internal users only.
    I have 4 wap200 configured of which one is having trouble. I configured the other three as follows: starting, connecting, giving it an ipaddress in the management vlan and upgraded the firmware from version 2.0.1 to 2.0.4. When I connect to the wireless ssid “public” I get an ipaddress from the range 172.20.176.x. When I connect to the ssid “internal users” I get an ip from the range 10.63.128.x and when I connect to the ssid “management” I get an ip from the range 192.168.249.x. The last one is only for management so I can not go to the internet from here (which is ok), from the other two I can go to the internet as wished and the two ssid’s can not communicate with each other as wished.
    Important: the ipaddress of the wap200 has an ipaddress with no dns input (no dns is needed so..)
    With the fourth one I did first a firmware upgrade and I imported the config of another wap200 (one of the first three). Then I wanted to reconfigure the wap (ipaddress) but when I change the ipaddress and click on save I have to give also a dnsentry. (When I do this with the other wap200 it’s asking me also a dnsentry, so it must be the firmware). When I give a dns entry I cannot go to the internet with ssid “public” nor “internal user”.
    So what I thought is to go back to firmware 2.0.1 and then import the config of another wap200. So I can change the ipaddress without the need of a dnsentry. After that I can upgrade to the last firmware. And job done.
    Hope you can help me to make the situation usable.
    Kind regards
    Kurt Stichelmans

  • IView N/A Component N/A check host entries for System SAP_ITS_XSS

    If I enter the purchasing area and by each link the same failure occurs:
    Portal Runtime Error
    An exception occurred while processing a request for :
    iView : N/A
    Component Name : N/A
    Application URL ':///sap(ZT1CNE1Oa0dZV2NVTnNGTlBrTjJOZkF3JTNEJTNENnIwcUVRM0ZVdlRJN1QwQVd3dDdRdyUzRCUzRA==)/bc/gui/sap/its/BBPSC01' is not valid! Please check the protocol and host entries for system 'SAP_ITS_XSS'..
    See the details for the exception ID in the log file.
    the url changes each time.
    can anyone help me?

    Please check the System Definition of SAP_ITS_XSS in SYSTEM ADMINISTRATION. In this, Please check the CONNECTOR and ITS properties.
    Please check if all the entries are fine.
    Raja Sekhar

  • Static Arp Entry for Exchange 2010

    Hello All,
    I was hoping someone could assist with an issue that our Exchange team are having, specifically with replication traffic traversing our DC to DR site.
    The infrastructure consists of a Layer 3 data centre and a disaster recovery site, so essentially it's a live/backup environment. Both the DC and DR site are connected with a LES using routed interfaces.
    The Exchange cluster at the DC is associated with the following subnets:
    MAPI - 10.1.30.X
    Replication: 10.1.230.X
    DR site has the following subnets associated with the Exchange cluster:
    MAPI - 192.168.4.X
    Replication - 192.168.230.X
    When an attempt is made to create a database/mailbox on an exchange server at the DC and copy it using  the replication subnet source: 10.1.230.X to destination subnet: 192.168.230.X, the copy process fails.
    Replication traffic in general going from DC to DR or vice-versa is subject to constant problems and seems unreliable. Our exchange team have to manually copy mailboxes from one cluster to the other using Windows explorer which works fine.
    The Exchange cluster at both sites reside within a VMWare ESX enclosure and connect to Cisco 6500 switches. Would the Cisco switches require a static arp entry for their respective Exchange clusters, which should be configured on each switch? If this was missing could this be the root cause of the replication problems we're experiencing? Or does this depend on whether the exchange cluster is using NLB Unicast or Multicast mode?
    Any assistance would be most appreciated.

    Have a look at this link:-
    It depends on how the team NLB is set up.
    You may need static mac & static arp as well as disabling igmp snooping if multicasting is being used.
    Please rate useful posts.

  • Alternative for integrating Portal to Sap Webwas 6.20 (without ITS)

    I have a scenario which I should open SAP Transactions from Uwl tasks in Portal, without ITS (as sap Webwas doesn't have embedded ITS).
    I get the following error:
    iView : pcd:portal_content/every_user/general/uwl/
    Nome de componente :
    Exception in SAP Application Integrator occured: Application URL ':///sap(ZT01VUxMbEJHNHpWWUIzVyUyQjRZWm5lWnclM0QlM0R1NjYlMkZzcklXQ3Z4WXJPV3g5OXVvVnclM0QlM0Q=)/bc/gui/sap/its/webgui' is not valid! Please check the protocol and host entries for system 'R3_SYSTEM'..
    Is there any alternative for accessing the SAP Transactions in UWL without ITS?
    I tried to change the Uwl XML to call a custom view, but nothing has changed, the result is the same. I changed from:
        <ItemType name="uwl.task.webflow.TS01000096.R3_SYSTEM" connector="WebFlowConnector" defaultView="DefaultView" defaultAction="launchSAPAction" executionMode="default">
          <ItemTypeCriteria systemId="R3_SYSTEM" externalType="TS01000096" connector="WebFlowConnector"/>
            <Action name="launchSAPAction" groupAction="" handler="SAPIACLauncher" returnToDetailViewAllowed="yes" launchInNewWindow="yes" launchNewWindowFeatures="resizable=yes,scrollbars=yes,status=yes,toolbar=no,menubar=no,location=no,directories=no">
                <Property name="newWindowFeatures" value="resizable=yes,scrollbars=yes,status=yes,toolbar=no,menubar=no,location=no,directories=no"/>
                <Property name="openInNewWindow" value="yes"/>
                <Property name="display_order_priority" value="5"/>
                <Property name="IAC" value="WS01000060"/>
              <Descriptions default=""/>
              <ItemType name="uwl.task.webflow.TS90300030.R3_SYSTEM" connector="WebFlowConnector" defaultView="DefaultView" defaultAction="launchIView" executionMode="default">
                   <ItemTypeCriteria systemId="R3_SYSTEM" externalType="TS90300030" connector="WebFlowConnector"/>
                        <Action name="launchIView" handler="IViewLauncher">
                                  <Property name="iview" value="pcd:portal_content/myISRDispatcher"/>
                                  <Property name="openInNewWindow" value="yes"/>
                             <Descriptions default="launchIView"/>

    Hi Vitor,
    This is not possible.
    If you want to call backend transactions you will need to use the ITS: ITS 6.20 for backend releases with kernel 6.20 (and lower) or the Integrated ITS with kernel >= 6.40. SAP notes 709038 and 325616 can give you more information.
    Best regards,

  • Static PAT entry blocking Branch site from accessing resource on same port. How to get around this?

    Hello, I have a UC560 and UC540 connected using an IPSec Site to Site tunnel.
    There is a server on the main site they are trying to access (lets say IP is and they need to access this server on ports 13000, 14000, and 15000.
    Unfortunately, since there are users from the internet and other places that need to access this server on these ports, these static pat entries are in the server (Lets say is the WAN IP):
    ip nat inside source static tcp 13000 13000 extendable
    ip nat inside source static tcp 14000 14000 extendable
    ip nat inside source static tcp 15000 15000 extendable
    The users in the branch site that is connected via VPN can reach this server on all TCP ports(RDP, http, etc) so that's not the issue. When I remove these nat statements, the VPN users can access the resource via that port (I.e telnet 13000 ) whereas they are shut down and connection fails if the static pat entries are in there.
    I need to have outside users and VPN users be able to access this server whether they are coming in across the VPN going to or coming in from the internet on
    Is there a way around this other than forcing the VPN users to access this server via the WAN IP for these ports? And does anyone know the logic behind this? I'm curious. From what I've seen in other cases, this is expected behavior, I'd just like a better understanding of it.
    Any help on this would be GREATLY appreciated! Thank you

    I hope I explained this properly. If not, please let me know!

  • Static NAT entry disappears when using NVI on Cisco 1921 (Multiple versions)

    We have a Cisco 1921 as an IPSec tunnel endpoint where we assign static NAT entries. It is a static one-to-one NAT putting each remote endpoint as a local /24 subnet. We are using NVI and we see some of these static entries disappear when packets are unable to reach the destination. 
    The production router is running 15.0(1r)M16 but we were able to reproduce this same behavior on 15.4(1)T2.
    To reproduce, we add the static NVI entry:
    ip nat source static X.X.X.X
    And things look good for a bit:
    ROUTER# sh ip nat nvi trans | i
    gre X.X.X>X:0 Y.Y.Y.Y:0 Y.Y.Y.Y:0
    --- --- ---
    tcp Y.Y.Y.Y:60360 Z.Z.Z.Z:60360 X.X.X.X:22
    There is a known issue with GRE traffic being dropped at this particular endpoint, so after generating GRE traffic, the entry completely disappears:
    ROUTER# sh run | i
    ROUTER# sh ip nat nvi trans | i
    gre X.X.X>X:0 Y.Y.Y.Y:0 Y.Y.Y.Y:0
    icmp Y.Y.Y.Y:59916 Z.Z.Z.Z:59916
    tcp Y.Y.Y.Y:60360 Z.Z.Z.Z:60360 X.X.X.X:22
    I can reproduce this by severing the tunnel to any other remote site, and after generating GRE traffic to the downed endpoint, the corresponding static NAT entry will disappear.
    Debugging has not shown anything, and I have found some mentions of similar behavior on older versions. Has anyone seen this? We don't have support access to test all versions, so if it is known to be resolved in a particular one, we would love to know to work towards loading that version.

    Hi Ryan,
    ASA cannot have 2 default routes, it can only have one. ASA also doesn't support PBR, so the setup that you are trying to configure would not work on the ASA. Router is the correct option for it.
    Hope that helps.
    Varun Rao
    Security Team,
    Cisco TAC

  • RZ20 server host entries disappear under Operating System Node

    I am trying to setup auto reaction methods in RZ21 and want to assign them to properties in RZ20 on SolMan (as my CEN) under
    Operating System -> <server host> -> filesystems -> <file path of choice> -> Percentage_Used
    For the percentage_used I assign an auto reaction method and save it. Now it seems for some bizarre reason, some of the server hosts entries under Operating Systems disappear at the next auto refresh and reappear and I lose my assigned auto reaction methods, which means I have to redo it again.
    Does anyone else have or had this problem and have a solution for this?
    Your help would be much appreciated.

    I would not encourage using root user.
    Your oracle user may not have the correct permissions. You need to ensure that oracle is in the required OS group and have the required privileges and file permissions. Ensure that was run during your install.
    If you check the corresponding trace files under
    $ORACLE_HOME/sysman/log/ you may find more detailed message.
    e.g emagent.trc

  • OTL Error - Hrs - Element link does not exist for the duration of the entry

    We had a few new people start just before xmas however when the person entering their record did it, they didn't date-track the additional assignment time information record to the start of the week (they did however correctly date-track their employee and assignment record) so when the timecard was filled in errors were thrown up.
    Since then I have gone back into the employees assignment time record, purged it and then re-created it effective from the week beginning.
    However when we try to enter time for them now using delegated self service, the following error is shown for the two days which were originally excluded from the date-tracked record:
    Hrs - Element link does not exist for the duration of the entry Cause: The link has been purged or date effectively deleted. Action: Check the effective start and end dates on the link definitions for this element. The original record should have been created from the 19th dec 2009 however was done from the 23rd by accident. I have since been in and replaced it with a record effective from the 19th.
    I have re-run the security list generation (we are using static list).
    The only thing I can find on metalink is 372086.1 which doesn't really describe the problem or help!!
    The people don't appear in the timekeeper form though which is strange. I really can't see any reason why their record isn't valid - no data is missing. Do I need to run a job to update the information or something?
    We are using

    Well would you believe it!? After much late night meddling around, I noticed one employee worked! There was absolutely no difference in any settings between his record and a persons who did not work. So I went into another employees record, changed his name and saved (correcting). Tried again and he worked fine! So, just by changing the employee name it seems to have worked for self service! I still cannot see them in timekeeper which is worrying however at least we can get time in for them now!
    If anyone knows why I may not be able to see them in timekeeper (even using an un-secured responsibility) then that would be a great help! :)

  • Alternative For tabIndex

    Hi Friends,
    I am using JDeveloper 11.1.2. In my application I need to achieve tab order. In adf I can't find the tab index. I need the alternative for tab index in adf. Any type of suggestions always welcome.
    Thanks,
    Arun D.

    Controlling tab order in an ADF Form
    How-to control the keyboard tab behavior in a LOV field
    ADF Faces setting the tab order between fields

  • Alternative for EXEC command(Native SQL)

    Hi Friends,
    While using the EXEC command in native SQL it is showing the obsolete error. Can anyone help with giving the alternative for the commands for native SQL?

    In a Native SQL statement, data is passed between the ABAP program and the database using host variables. A host variable is an ABAP variable that is identified as such in the Native SQL statement by a preceding colon (:).
    Displaying an extract from the table AVERI_CLNT:
    DATA: F1(3), F2(3), F3(3).
    F3 = ' 1 '.
             WHERE ARG2 = :F3
    WRITE: / F1, F2.
    To simplify the form of the INTO lists in the SELECT statement, you can, as in Open SQL, specify a single structure as the target area.
    Displaying an Extract from the Table AVERI_CLNT:
            CLIENT(3), ARG1(3), ARG2(3),
          END OF WA.
    DATA  F3(3).
    F3 = ' 1 '.
             WHERE ARG2 = :F3
    Native SQL supports the directly-executable commands of your underlying database system. There are other special commands that you can use after the EXEC SQL statement for cursor handling, stored procedures (procedures stored in the database), and connections to other databases.
    Cursor Processing

  • Alternative for replaceAll()

    the replaceAll(String,String) is supported in java version 1.4 only and not in 1.3. can anyone suggest an alternative for the function in java 1.3?

    There's a regex package for 1.3 that the 1.4 stuff is based on. I think it's hosted at apache or sourceforge. Google for it.

  • Alternative for SE16

    Is there any alternative for SE16 to check number of entries in tables.
    Scenario is,
    Based on filter company code, find number of records in BKPF and then in BSEG. Is there any other way?

    Hello Mark,
    thanks for reply.
    I am checking if there is any alternative for SE16.
    Since the BSEG table is big and in most of the cases in foreground with SE16 it will give time out error.
    I know we can check by running SE16 in background job.
    This is the reason I am wondering if there is any another option.

  • Alternative for inner joins

    please check this code and suggest me of an alternative for this performance wise.
    SELECT b~partner
                      INTO TABLE t_db_pos_match
                        FROM adrc AS a
                        JOIN but020 AS b
                          ON   a~addrnumber = b~addrnumber
                        JOIN but000 AS c
                          ON   b~partner    = c~partner
                        WHERE  c~partner   NE t_bp_obj-act-ekun-partner
                          AND  c~mc_name1   = t_bp_obj-act-ekun-name_last
                          AND  a~city1      = wa-city1
                          AND  a~post_code1 = wa-post_code1
                          AND  a~po_box     = wa-po_box
                          AND  a~street     = wa-street
                          AND  a~house_num1 = wa-house_num1
                          AND  a~house_num2 = wa-house_num2
                          AND  a~region     = wa-region
                          AND  a~addr_group = 'BP'.
    awaiting your reply.

                          WITH UNIQUE KEY CARRID CONNID FLDATE.
          FROM SPFLI
          FROM SFLIGHT
                CONNID = ENTRY_TAB-CONNID.
