NetScaler – One vServer Fits All

by

The NetScaler ‘E’ – or enhancement – releases sometimes contain important or very useful features – when Citrix XenMobile was originally released, it required that the NetScaler use the latest ‘e’ release. One feature of particular interest in the latest e releases is the ability to use a vServer for both content switching AND Access Gateway. This may not be that valuable for some organizations, but if you don’t have many external IP addresses, this can be a life saver.

First, you’ll need to upgrade your NetScaler to the latest e release – which at the time of this writing is 10.5 55.8007.e.nc. Next you need to be aware that the features that are a part of the standard releases do not necessarily match the e releases. For example, in the 55.8007.e release, the ability to turn on TLS v1.1 and v1.2 in a VPX is not available.

*6/30/2015 Update: This is now possible with the NetScaler 11 build – the upgrade is covered here.

For a brief overview of the branches, view this post: http://blogs.citrix.com/2013/03/29/citrix-access-gateway-demystifying-the-e-releases/

Once you have the correct build installed you can begin using the added features. For this feature, I had initially thought that I would be able to add an Access Gateway vServer as a Content Switching vServer target – this is not the case – the below vServers are all standard load balancing vServers:

The way this feature works is the other way around – Content Switching policies are actually bound to the Access Gateway vServer. Select them from the CAG\VPN vServer:

Then add the CSW policies just as you would on a CSW vServer:

You now have a Content Switching vServer whose default content switching policy is an Access Gateway\VPN vServer.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.