Configuring Static LSN Maps
The Citrix ADC appliance supports manual creation of a one-to-one LSN mapping between a subscriber IP address:port and a NAT IP address:port. Static LSN mappings are useful when you want to ensure that connections initiated to a NAT IP:port map to the subscriber IP address:port, for example, for Web servers located in the internal network.
To create a static LSN mapping by using the command line interface
At the command prompt, type:
add lsn static <name> <transportprotocol> <subscrIP> <subscrPort> [-td <positive_integer>] [<natIP> [<natPort>]] [-destIP <ip_addr> [-dsttd <positive_integer>]]
show lsn static
To create a static LSN mapping by using the configuration utility
Navigate to System > Large Scale NAT > Static, and add a new static mapping.
Parameter Descriptions (of commands listed in the CLI procedure)
add lsn static name
Name for the LSN static mapping entry. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the LSN group is created. The following requirement applies only to the CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "lsn static1" or 'lsn static1'). This is a mandatory argument. Maximum Length: 127
transportprotocol
Protocol for the LSN mapping entry. This is a mandatory argument. Possible values: TCP, UDP, ICMP
subscrIP
IPv4 address of an LSN subscriber for the LSN mapping entry. This is a mandatory argument.
subscrPort
Port of the LSN subscriber for the LSN mapping entry. This is a mandatory argument. Maximum value: 65535
td
ID of the traffic domain to which the subscriber belongs. If you do not specify an ID, the subscriber is assumed to be a part of the default traffic domain. Default value: 0, Minimum value: 0, Maximum value: 4094
natIP
IPv4 address, already existing on the Citrix ADC appliance as type LSN, to be used as NAT IP address for this mapping entry.
natPort
NAT port for this LSN mapping entry.
destIP
Destination IP address for the LSN mapping entry.
dsttd
ID of the traffic domain through which the destination IP address for this LSN mapping entry is reachable from the Citrix ADC appliance. If you do not specify an ID, the destination IP address is assumed to be reachable through the default traffic domain, which has an ID of 0. Default value: 0, Minimum value: 0, Maximum value: 4094
Wildcard Port Static Maps
A static mapping entry is usually a one-to-one LSN mapping between a subscriber IP address:port and a NAT IP address:port. A one-to-one static LSN mapping entry exposes only one port of the subscriber to the Internet.
Some situations might require exposing all ports (64K) of a subscriber to the Internet (for example, a server hosted on an internal network and running a different service on each port). To make these internal services accessible through the Internet, you have to expose all the ports of the server to the Internet.
One way to meet this requirement is to add 64K one-to-one static mapping entries, one mapping entry for each port. Creating 64K entries is very cumbersome, and such a large number of configuration entries might lead to performance issues in the Citrix ADC appliance.
A simpler method is to use wildcard ports in a static mapping entry. To expose all the ports of a subscriber to the Internet, you create a single static mapping entry with the NAT-port and subscriber-port parameters set to the wildcard character (*) and the protocol parameter set to ALL. For a subscriber's inbound or outbound connections matching a wildcard static mapping entry, the subscriber's port does not change after the NAT operation.
When a subscriber-initiated connection to the Internet matches a wildcard static mapping entry, the Citrix ADC appliance assigns a NAT port that has the same number as the subscriber port from which the connection is initiated. Similarly, an Internet host gets connected to a subscriber’s port by connecting to the NAT port that has the same number as the subscriber’s port.
Configuring the Citrix ADC appliance to Provide Access to All Ports of an IPv4 Subscriber
To configure the Citrix ADC appliance to provide access to all ports of an IPv4 subscriber, create a wildcard static map with the following mandatory parameter settings:
- Protocol = ALL
- Subscriber port = *
- NAT port = *
In a wildcard static map, unlike in a one-to-one static map, setting the NAT IP parameter is mandatory. Also, the NAT IP address assigned to a wildcard static map cannot be used for any other subscribers.
To create a wildcard static map by using the command line interface
At the command prompt, type:
add lsn static <name> ALL <subscrIP> * <natIP> * [-td <positive_integer>] [-destIP <ip_addr> [-dsttd <positive_integer>]]
show lsn static
Sample Configuration
In the following sample configuration of a wildcard static map, all ports of a subscriber whose IP address is 192.0.2.10 are made accessible through NAT IP 203.0.113.33.
Sample configuration:
add lsn static NAT44-WILDCARD-STATIC-1 ALL 192.0.2.10 * 203.0.113.33 *
Done
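Because a wildcard static map makes every port of a subscriber reachable from the Internet, it is worth reviewing saved configuration text for such entries. The following is an added example, not Citrix code: a small Python audit that parses `add lsn static` lines in the syntax shown above and reports wildcard maps, NAT IP addresses shared with a wildcard map, and out-of-range values. The function names (`parse`, `in_range`, `audit`), the finding strings, and the sample lines are assumptions constructed for illustration.

```python
import shlex

OPTS = ("-td", "-destip", "-dsttd")
KEYS = ("name", "proto", "subscrIP", "subscrPort", "natIP", "natPort")

def parse(line):
    """Split one 'add lsn static' line into the parameters the page describes."""
    tok, pos, opt = shlex.split(line)[3:], [], {}   # shlex keeps quoted names whole
    while tok:
        t = tok.pop(0)
        if t.lower() in OPTS:            # option plus value; may precede natIP
            opt[t.lower()] = tok.pop(0)
        else:
            pos.append(t)
    return {**dict(zip(KEYS, pos)), **opt}

def in_range(value, high):
    return value is None or (value.isdigit() and int(value) <= high)

def audit(config):
    """Return sorted (map name, finding) pairs for a block of config text."""
    maps = [parse(l) for l in config.splitlines()
            if l.startswith("add lsn static ")]
    out = set()
    for m in maps:
        n, proto = m["name"], m["proto"].upper()
        ports = (m["subscrPort"], m.get("natPort"))
        if not (in_range(m.get("-td"), 4094) and in_range(m.get("-dsttd"), 4094)):
            out.add((n, "traffic domain out of range"))
        if proto == "ALL" or "*" in ports:
            if proto != "ALL" or ports != ("*", "*"):
                out.add((n, "incomplete wildcard map"))
                continue
            out.add((n, "exposes all subscriber ports"))
            for o in maps:               # wildcard NAT IP must not serve others
                if o.get("natIP") == m["natIP"] and o["subscrIP"] != m["subscrIP"]:
                    out.add((o["name"], "NAT IP reserved by wildcard map " + n))
        elif proto not in ("TCP", "UDP", "ICMP") or not all(in_range(p, 65535) for p in ports):
            out.add((n, "invalid protocol or port"))
    return sorted(out)

# Constructed sample input (not taken from a real appliance).
SAMPLE = """\
add lsn static NAT44-WILDCARD-STATIC-1 ALL 192.0.2.10 * 203.0.113.33 *
add lsn static web1 TCP 192.0.2.20 80 -td 0 203.0.113.33 8080
add lsn static "lsn static1" TCP 192.0.2.30 443 203.0.113.34 443
add lsn static bad-port UDP 192.0.2.40 70000
add lsn static half-wild TCP 192.0.2.50 * 203.0.113.35 *
"""
```

Calling `audit(SAMPLE)` returns one finding for each of the four problem entries; the "exposes all subscriber ports" finding is a prompt to confirm that the subscriber is meant to be fully reachable, not a syntax error.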