CloudPlatform 3.x
Intersubnet VM access via Public IPs

We have multiple VMs inside a VLANed Cloudstack (v 3.0.2: CloudStack-oss-3.0.2-1-rhel6.2) private network. We need to have these VMs communicate with each other via their public IPs (port mapped but possibly static NATed would be ok also). (Long story as to why, just take this as a requirement for a third party server product which we have no control of.)

This capability seems like something that should just work, yet does not work with the cloudstack virtual routers. When we properly configure the cloudstack private network virtual routers for public IP connectivity to a private subnet VM, and test it from outside the private network, we have no problem connecting. However, when we connect to the same VM via its public IP, calling from a VM inside the called VM's private subnet, the call simply hangs.

We're looking to see if this should work, and help getting it to work if so.

If it is known to not work, this would appear to be a bug/feature defect. Are we wrong in this thinking? Is it known to work in a later version?

Thanks -

Stephen


Stephen Sykes MEMBERS
4 comments

I have never known this to work. While it may be a feature request, I wouldn't consider it a bug. The typical workflow would have you connecting directly to the other VM on your own subnet.

That being said, here are a couple of suggestions.

You could look at the routing/firewall configuration on the virtual router to see if you can make it work. Search for ssvm troubleshooting to see how to login to system VMs. Please note, any changes you make will be lost if the virtual router is destroyed and re-created, and possibly if it is rebooted (not sure here).

I would also look at the Firewall configuration, in the UI, for this public IP. Not sure if it works to grant access to a private CIDR.

Good Luck,
--Mike


Mike Little MEMBERS
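Added example, not from anyone in this thread and not CloudStack's own code: Mike's suggestion above is to look at the routing and firewall configuration on the virtual router, and the symptom Stephen describes (a connection from inside the subnet to the VM's own public IP simply hangs) is the classic hairpin-NAT gap. Two things have to hold for NAT loopback to work: the DNAT for the public IP must also match packets arriving from the guest side (a rule restricted to the public interface is never hit by guest traffic), and the router must SNAT or MASQUERADE guest-originated traffic towards the translated private address, otherwise the target VM answers the caller directly from its private IP and the caller discards a reply from an address it never connected to. The script below audits an `iptables-save -t nat` dump for both conditions and prints the commands that would close the gap. The interface names (`eth0` guest, `eth2` public), the guest CIDR and the rule dump are all constructed assumptions for the example; take a real dump on the VR with `iptables-save -t nat` and set `GUEST_IF`/`GUEST_CIDR` for your network before trusting its output.

```shell
#!/bin/sh
# Added example, not CloudStack's own code: audit an `iptables-save -t nat`
# dump taken on a virtual router for hairpin-NAT (NAT loopback) coverage.
# Assumptions (hypothetical; adjust to your VR): eth0 is the guest interface,
# eth2 the public interface, GUEST_CIDR the isolated network's CIDR.
GUEST_IF="${GUEST_IF:-eth0}"
GUEST_CIDR="${GUEST_CIDR:-10.1.1.0/24}"

# Constructed sample dump: a static NAT 203.0.113.10 -> 10.1.1.33 that is only
# translated for packets arriving on the public interface (-i eth2), plus the
# usual source NAT for outbound guest traffic. A guest in 10.1.1.0/24 that
# connects to 203.0.113.10 never hits the DNAT, so its SYN goes nowhere.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth2 -j DNAT --to-destination 10.1.1.33
-A POSTROUTING -s 10.1.1.0/24 -o eth2 -j SNAT --to-source 203.0.113.5
COMMIT'

# dnat_map: for each DNAT rule on stdin print "<public_ip> <to-destination> <rule>"
dnat_map() {
    awk '/^-A PREROUTING .*-j DNAT/ {
        pub = ""; dest = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-d") { pub = $(i + 1); sub(/\/32$/, "", pub) }
            if ($i == "--to-destination") dest = $(i + 1)
        }
        if (pub != "" && dest != "") print pub, dest, $0
    }' | sort -u
}

# has_hairpin PUBLIC PRIVATE: succeed if the dump on stdin contains both
#  1. a DNAT for PUBLIC that matches packets arriving from the guest side
#     (either "-i $GUEST_IF" or no interface match at all), and
#  2. a POSTROUTING SNAT/MASQUERADE for guest -> PRIVATE, so the target VM's
#     reply returns through the router instead of going straight back to
#     the caller from a private address the caller never talked to.
has_hairpin() {
    pub="$1"; priv="$2"; dump="$(cat)"
    dnats="$(printf '%s\n' "$dump" \
        | grep -E -- "^-A PREROUTING -d $pub/32 .*-j DNAT --to-destination $priv($|:| )")" || return 1
    printf '%s\n' "$dnats" | grep -qE -- " -i $GUEST_IF " \
        || printf '%s\n' "$dnats" | grep -qv -- " -i " || return 1
    printf '%s\n' "$dump" \
        | grep -qE -- "^-A POSTROUTING -s $GUEST_CIDR -d $priv/32 .*-j (SNAT|MASQUERADE)"
}

# missing_hairpin_rules: print the iptables commands that would close the gap
# for every DNAT in the dump on stdin that lacks hairpin coverage. The guest-
# side DNAT is the original rule with only its interface match swapped, so a
# port forward keeps its -p/--dport matches (DNAT to ip:port requires them).
missing_hairpin_rules() {
    rules="$(cat)"
    printf '%s\n' "$rules" | dnat_map | while read -r pub dest rule; do
        priv="${dest%%:*}"   # drop a port forward's ":port" suffix
        if ! printf '%s\n' "$rules" | has_hairpin "$pub" "$priv"; then
            printf '%s\n' "iptables -t nat $(printf '%s\n' "$rule" | sed "s/ -i [^ ]*/ -i $GUEST_IF/")"
            printf '%s\n' "iptables -t nat -A POSTROUTING -s $GUEST_CIDR -d $priv/32 -o $GUEST_IF -j MASQUERADE"
        fi
    done
}

# Stand-alone run: report what the constructed sample is missing.
printf '%s\n' "$SAMPLE_RULES" | missing_hairpin_rules
```

The printed commands are a diagnostic to try by hand on the VR as root; as Mike notes, anything added this way is gone when the router is destroyed and re-created, so a working result tells you what the product would need to generate, not that the problem is solved.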

Yep. Might be typical workflow, but, as mentioned, we have a third party product which doesn't work that way.

We're using Chef inside a control system to control both the control system itself (inside one private subnet) and a bunch of target systems (inside their own private subnets). Chef insists on having one and only one access IP from controlled targets. For internal systems it would be the private ip address (as you say normal workflow is); for the external systems it would be the public IP of the control system.

Yep - we're looking at hacking the VR - but it has the problems you mentioned. There are work arounds, but we're being forced to do unnatural things because this doesn't work - which is unexpected. Bug or feature request - it's a challenge for running a server, with a single DNS entry, behind the VR. Which would seem to be a "normal and expected" use case.

Thanks -

Stephen


Stephen Sykes MEMBERS

Hi Stephen.

I am struggling to get the first part of your config working... I also need to create a private subnet, and allow the VMs inside to communicate to the outside world (I am using an advanced network) via a public IP

I have created an Isolated guest network, with a VLAN ID of 400, the CIDR is 10.103.12.0/24, and I set the default gateway to 10.103.12.1. The network offering used is the "DefaultIsolatedNetworkOfferingWithSourceNat".

IP range available to guests is 10.103.12.10 - 10.103.12.100.

I have a public CIDR, on VLAN 102, with a CIDR of 10.103.8.0/22

When I deploy the first VM on this network, the virtual router gets deployed but uses the first available IP (10.103.12.10)... I had assumed the router would get the default gateway address (10.103.12.1)?

The VM then gets an IP from the guest CIDR... eg 10.103.12.33

My question is... what do I need to do next to static NAT this address to a Public IP?

Thanks in advance

Andy


Andy Frodsham MEMBERS

Stephen, this may not work as you observed, and hacking may not yield a stable solution.

What version of the software are you running?

My recommendation would be to engage with Citrix support and get a proper fix for this requirement.

Regards,
Somesh


Somesh Naidu CITRIX EMPLOYEES