CTX491477 New
Role of Spoofed IP address in FQDN Based Tunneling
Applicable Products : Citrix ADCCitrix Gateway
By design, if there’s any hostname-based application configured on ADC then client adds a concept of Spoofed IP range [ used on client side for masking the DNS resolutions]. Based on VPN plugin’s architecture, this spoofed IP range (a configurable range on ADC) should be disjoint from any intranet application present on ADC. If not, then that particular intranet resource access will be affected, and end-users won’t be able to access those resources. If there’s no separate configuration made for FQDN spoofed IP range, then 172.16.0.0/16 is used by default. If the network setup clashes with the same [ either with intranet applications on ADC or local subnet on client machine or any NAT’ing done] then the spoofed Ip range should be reconfigured on the ADC by setting a new range that is not being used in the internal network. Required configuration is set vpn parameter -fqdnSpoofedIP 192.168.0.0 -netmask 255.255.0.0 Reference engineering ticket – NSHELP-23912
Read full article (Citrix.com)
All content and images belong to their respected owners, this article is curated for informational purposes only.
