Home > Configuration > Lsn |
| Lsn |
large scale nat commands |
Configuration APIs |
Use this method to add LSN Application Port ATTRIBUTES. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN Application Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN Client. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN Group. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN HTTP header logging Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN IP6 profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN logging Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN Pool. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN RTSPALG Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN SIPALG Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN Static Mapping. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to add LSN Transport Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to bind appsattributes to lsn appsprofile. |
Use this method to bind lsnport to lsn appsprofile. |
Use this method to bind acl6 to lsn client. |
Use this method to bind acl to lsn client. |
Use this method to bind network to lsn client. |
Use this method to bind network6 to lsn client. |
Use this method to bind td to lsn client. |
Use this method to bind appsprofile to lsn group. |
Use this method to bind httphdrlogprofile to lsn group. |
Use this method to bind ipsecalgprofile to lsn group. |
Use this method to bind logprofile to lsn group. |
Use this method to bind pcpserver to lsn group. |
Use this method to bind pool to lsn group. |
Use this method to bind rtspalgprofile to lsn group. |
Use this method to bind sipalgprofile to lsn group. |
Use this method to bind transportprofile to lsn group. |
Use this method to bind lsnip to lsn pool. |
Use this method to bind ownernode to lsn pool. |
Use this method to flush RTSP session. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to flush LSN Session. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to flush LSN Session. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Application Port ATTRIBUTES. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Application Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Client. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN deterministic. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Group. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN HTTP header logging Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN IP6 profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN logging Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get the global configuration of the LSN. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Pool. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN RTSPALG Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN RTSP session. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Session. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN sipalgcall. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN SIPALG Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Static Mapping. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to get LSN Transport Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN Application Port ATTRIBUTES. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN Application Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN Client. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN Group. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN HTTP header logging Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN IP6Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN logging Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN Pool. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN RTSPALG Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN SIPALG Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN Static Mapping. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to remove LSN Transport Profile. NOTE: This method is deprecated. LSN related configuration methods are being deprecated will be removed in a future release |
Use this method to set timeout, in seconds, for an idle LSN session. If an LSN session is idle for a time that exceeds this value, the Citrix ADC removes the session.This timeout does not apply for a TCP LSN session when a FIN or RST message is received from either of the endpoints. |
Use this method to set type of filter to apply to packets originating from external hosts. Consider an example of an LSN mapping that includes the mapping of subscriber IP:port (X:x), NAT IP:port (N:n), and external host IP:port (Y:y). Available options function as follows: * ENDPOINT INDEPENDENT - Filters out only packets not destined to the subscriber IP address and port X:x, regardless of the external host IP address and port source (Z:z). The Citrix ADC forwards any packets destined to X:x. In other words, sending packets from the subscriber to any external IP address is sufficient to allow packets from any external hosts to the subscriber. * ADDRESS DEPENDENT - Filters out packets not destined to subscriber IP address and port X:x. In addition, the ADC filters out packets from Y:y destined for the subscriber (X:x) if the client has not previously sent packets to Y:anyport (external port independent). In other words, receiving packets from a specific external host requires that the subscriber first send packets to that specific external host's IP address. * ADDRESS PORT DEPENDENT (the default) - Filters out packets not destined to subscriber IP address and port (X:x). In addition, the Citrix ADC filters out packets from Y:y destined for the subscriber (X:x) if the subscriber has not previously sent packets to Y:y. In other words, receiving packets from a specific external host requires that the subscriber first send packets first to that external IP address and port. |
Use this method to set nAT IP address allocation options for sessions associated with the same subscriber. Available options function as follows: * Paired - The Citrix ADC allocates the same NAT IP address for all sessions associated with the same subscriber. When all the ports of a NAT IP address are used in LSN sessions (for same or multiple subscribers), the Citrix ADC ADC drops any new connection from the subscriber. * Random - The Citrix ADC allocates random NAT IP addresses, from the pool, for different sessions associated with the same subscriber. This parameter is applicable to dynamic NAT allocation only. |
Use this method to set enable l2info by creating natpcbs for LSN, which enables the Citrix ADC to use L2CONN/MBF with LSN. |
Use this method to set type of LSN mapping to apply to subsequent packets originating from the same subscriber IP address and port. Consider an example of an LSN mapping that includes the mapping of the subscriber IP:port (X:x), NAT IP:port (N:n), and external host IP:port (Y:y). Available options function as follows: * ENDPOINT-INDEPENDENT - Reuse the LSN mapping for subsequent packets sent from the same subscriber IP address and port (X:x) to any external IP address and port. * ADDRESS-DEPENDENT - Reuse the LSN mapping for subsequent packets sent from the same subscriber IP address and port (X:x) to the same external IP address (Y), regardless of the external port. * ADDRESS-PORT-DEPENDENT - Reuse the LSN mapping for subsequent packets sent from the same internal IP address and port (X:x) to the same external IP address and port (Y:y) while the mapping is still active. |
Use this method to set enable TCP proxy, which enables the Citrix ADC to optimize the TCP traffic by using Layer 4 features. |
Use this method to set iD of the traffic domain through which the Citrix ADC sends the outbound traffic after performing LSN. If you do not specify an ID, the ADC sends the outbound traffic through the default traffic domain, which has an ID of 0. |
Use this method to set enable Application Layer Gateway (ALG) for the FTP protocol. For some application-layer protocols, the IP addresses and protocol port numbers are usually communicated in the packet's payload. When acting as an ALG, the Citrix ADC changes the packet's payload to ensure that the protocol continues to work over LSN. Note: The Citrix ADC also includes ALG for ICMP and TFTP protocols. ALG for the ICMP protocol is enabled by default, and there is no provision to disable it. ALG for the TFTP protocol is disabled by default. ALG is enabled automatically for an LSN group when you bind a UDP LSN application profile, with endpoint-independent-mapping, endpoint-independent filtering, and destination port as 69 (well-known port for TFTP), to the LSN group. |
Use this method to set enable the FTP connection mirroring for specified LSN group. Connection mirroring (CM or connection failover) refers to keeping active an established TCP or UDP connection when a failover occurs. |
Use this method to set log mapping entries and sessions created or deleted for this LSN group. The Citrix ADC logs LSN sessions for this LSN group only when both logging and session logging parameters are enabled. The ADC uses its existing syslog and audit log framework to log LSN information. You must enable global level LSN logging by enabling the LSN parameter in the related NSLOG action and SYLOG action entities. When the Logging parameter is enabled, the Citrix ADC generates log messages related to LSN mappings and LSN sessions of this LSN group. The ADC then sends these log messages to servers associated with the NSLOG action and SYSLOG actions entities. A log message for an LSN mapping entry consists of the following information: * NSIP address of the Citrix ADC * Time stamp * Entry type (MAPPING or SESSION) * Whether the LSN mapping entry is created or deleted * Subscriber's IP address, port, and traffic domain ID * NAT IP address and port * Protocol name * Destination IP address, port, and traffic domain ID might be present, depending on the following conditions: ** Destination IP address and port are not logged for Endpoint-Independent mapping ** Only Destination IP address (and not port) is logged for Address-Dependent mapping ** Destination IP address and port are logged for Address-Port-Dependent mapping |
Use this method to set size of the NAT port block to be allocated for each subscriber. To set this parameter for Dynamic NAT, you must enable the port block allocation parameter in the bound LSN pool. For Deterministic NAT, the port block allocation parameter is always enabled, and you cannot disable it. In Dynamic NAT, the Citrix ADC allocates a random NAT port block, from the available NAT port pool of an NAT IP address, for each subscriber. For a subscriber, if all the ports are allocated from the subscriber's allocated port block, the ADC allocates a new random port block for the subscriber. The default port block size is 256 for Deterministic NAT, and 0 for Dynamic NAT. |
Use this method to set enable the PPTP Application Layer Gateway. |
Use this method to set enable the RTSP ALG. |
Use this method to set log sessions created or deleted for the LSN group. The Citrix ADC logs LSN sessions for this LSN group only when both logging and session logging parameters are enabled. A log message for an LSN session consists of the following information: * NSIP address of the Citrix ADC * Time stamp * Entry type (MAPPING or SESSION) * Whether the LSN session is created or removed * Subscriber's IP address, port, and traffic domain ID * NAT IP address and port * Protocol name * Destination IP address, port, and traffic domain ID |
Use this method to set in a high availability (HA) deployment, synchronize information of all LSN sessions related to this LSN group with the secondary node. After a failover, established TCP connections and UDP packet flows are kept active and resumed on the secondary node (new primary). For this setting to work, you must enable the global session synchronization parameter. |
Use this method to set enable the SIP ALG. |
Use this method to set maximum number of SNMP Trap messages that can be generated for the LSN group in one minute. |
Use this method to set host information is logged if option is enabled. |
Use this method to set hTTP method information is logged if option is enabled. |
Use this method to set uRL information is logged if option is enabled. |
Use this method to set version information is logged if option is enabled. |
Use this method to set name of the Analytics Profile attached to this lsn profile. |
Use this method to set logs in Compact Logging format if option is enabled. |
Use this method to set logs in IPFIX format if option is enabled. |
Use this method to set lSN Session deletion will not be logged if disabled. |
Use this method to set subscriber ID information is logged if option is enabled. |
Use this method to set amount of Citrix ADC memory to reserve for the LSN feature, in multiples of 2MB. Note: If you later reduce the value of this parameter, the amount of active memory is not reduced. Changing the configured memory limit can only increase the amount of active memory. This method is deprecated, use 'set extendedmemoryparam -memlimit' instead. NOTE: This attribute is deprecated. |
Use this method to set synchronize all LSN sessions with the secondary node in a high availability (HA) deployment (global synchronization). After a failover, established TCP connections and UDP packet flows are kept active and resumed on the secondary node (new primary). The global session synchronization parameter and session synchronization parameters (group level) of all LSN groups are enabled by default. For a group, when both the global level and the group level LSN session synchronization parameters are enabled, the primary node synchronizes information of all LSN sessions related to this LSN group with the secondary node. |
Use this method to set lSN global setting for controlling subscriber aware session removal, when this is enabled, when ever the subscriber info is deleted from subscriber database, sessions corresponding to that subscriber will be removed. if this setting is disabled, subscriber sessions will be timed out as per the idle time out settings. |
Use this method to set maximum number of ports for which the port reallocation timeout applies for each NAT IP address. In other words, the maximum deallocated-port queue size for which the reallocation timeout applies for each NAT IP address. When the queue size is full, the next port deallocated is reallocated immediately for a new LSN session. |
Use this method to set the waiting time, in seconds, between deallocating LSN NAT ports (when an LSN mapping is removed) and reallocating them for a new LSN session. This parameter is necessary in order to prevent collisions between old and new mappings and sessions. It ensures that all established sessions are broken instead of redirected to a different subscriber. This is not applicable for ports used in: * Deterministic NAT * Address-Dependent filtering and Address-Port-Dependent filtering * Dynamic NAT with port block allocation In these cases, ports are immediately reallocated. |
Use this method to set idle timeout for the rtsp sessions in seconds. |
Use this method to set port for the RTSP |
Use this method to set rTSP ALG Profile transport protocol type. |
Use this method to set idle timeout for the data channel sessions in seconds. |
Use this method to set eNABLE/DISABLE ContactPinhole creation. |
Use this method to set eNABLE/DISABLE RecordRoutePinhole creation. |
Use this method to set eNABLE/DISABLE RegisterPinhole creation. |
Use this method to set eNABLE/DISABLE RoutePinhole creation. |
Use this method to set eNABLE/DISABLE ViaPinhole creation. |
Use this method to set sIP registration timeout in seconds. |
Use this method to set eNABLE/DISABLE rport. |
Use this method to set destination port range for SIP_UDP and SIP_TCP. |
Use this method to set sIP control channel session timeout in seconds. |
Use this method to set source port range for SIP_UDP and SIP_TCP. |
Use this method to set sIP ALG Profile transport protocol type. |
Use this method to set timeout, in seconds, for a TCP LSN session after a FIN or RST message is received from one of the endpoints. If a TCP LSN session is idle (after the Citrix ADC receives a FIN or RST message) for a time that exceeds this value, the Citrix ADC ADC removes the session. Since the LSN feature of the Citrix ADC does not maintain state information of any TCP LSN sessions, this timeout accommodates the transmission of the FIN or RST, and ACK messages from the other endpoint so that both endpoints can properly close the connection. |
Use this method to set maximum number of concurrent LSN sessions(for the specified protocol) allowed for all subscriber of a group to which this profile has bound. This limit will get split across the Citrix ADCs packet engines and rounded down. When the number of LSN sessions reaches the limit for a group in packet engine, the Citrix ADC does not allow the subscriber of that group to open additional sessions through that packet engine. |
Use this method to set enable port parity between a subscriber port and its mapped LSN NAT port. For example, if a subscriber initiates a connection from an odd numbered port, the Citrix ADC allocates an odd numbered LSN NAT port for this connection. You must set this parameter for proper functioning of protocols that require the source port to be even or odd numbered, for example, in peer-to-peer applications that use RTP or RTCP protocol. |
Use this method to set if a subscriber initiates a connection from a well-known port (0-1023), allocate a NAT port from the well-known port range (0-1023) for this connection. For example, if a subscriber initiates a connection from port 80, the Citrix ADC can allocate port 100 as the NAT port for this connection. This parameter applies to dynamic NAT without port block allocation. It also applies to Deterministic NAT if the range of ports allocated includes well-known ports. When all the well-known ports of all the available NAT IP addresses are used in different subscriber's connections (LSN sessions), and a subscriber initiates a connection from a well-known port, the Citrix ADC drops this connection. |
Use this method to set maximum number of LSN NAT ports to be used at a time by each subscriber for the specified protocol. For example, each subscriber can be limited to a maximum of 500 TCP NAT ports. When the LSN NAT mappings for a subscriber reach the limit, the Citrix ADC does not allocate additional NAT ports for that subscriber. |
Use this method to set maximum number of concurrent LSN sessions allowed for each subscriber for the specified protocol. When the number of LSN sessions reaches the limit for a subscriber, the Citrix ADC does not allow the subscriber to open additional sessions. |
Use this method to set timeout, in seconds, for an idle LSN session. If an LSN session is idle for a time that exceeds this value, the Citrix ADC removes the session. This timeout does not apply for a TCP LSN session when a FIN or RST message is received from either of the endpoints. |
Use this method to set sTUN protocol timeout NOTE: This attribute is deprecated. With appsattribute user can specify timeout for ports of an application, applies for stun port too, hence specifying stuntimeout from Transport Profile is depreciated |
Use this method to set silently drop any non-SYN packets for connections for which there is no LSN-NAT session present on the Citrix ADC. If you disable this parameter, the Citrix ADC accepts any non-SYN packets and creates a new LSN session entry for this connection. Following are some reasons for the Citrix ADC to receive such packets: * LSN session for a connection existed but the Citrix ADC removed this session because the LSN session was idle for a time that exceeded the configured session timeout. * Such packets can be a part of a DoS attack. |
Use this method to set sYN Idle timeout |
Use this method to unbind appsattributes from lsn appsprofile. |
Use this method to unbind lsnport from lsn appsprofile. |
Use this method to unbind acl6 from lsn client. |
Use this method to unbind acl from lsn client. |
Use this method to unbind network from lsn client. |
Use this method to unbind network6 from lsn client. |
Use this method to unbind td from lsn client. |
Use this method to unbind appsprofile from lsn group. |
Use this method to unbind httphdrlogprofile from lsn group. |
Use this method to unbind ipsecalgprofile from lsn group. |
Use this method to unbind logprofile from lsn group. |
Use this method to unbind pcpserver from lsn group. |
Use this method to unbind pool from lsn group. |
Use this method to unbind rtspalgprofile from lsn group. |
Use this method to unbind sipalgprofile from lsn group. |
Use this method to unbind transportprofile from lsn group. |
Use this method to unbind lsnip from lsn pool. |
Use this method to unbind ownernode from lsn pool. |
Remove lsn appsattributes sessiontimeout setting. |
Remove lsn appsprofile filtering setting. |
Remove lsn appsprofile ippooling setting. |
Remove lsn appsprofile l2info setting. |
Remove lsn appsprofile mapping setting. |
Remove lsn appsprofile tcpproxy setting. |
Remove lsn appsprofile td setting. |
Remove lsn group ftp setting. |
Remove lsn group ftpcm setting. |
Remove lsn group logging setting. |
Remove lsn group portblocksize setting. |
Remove lsn group pptp setting. |
Remove lsn group rtspalg setting. |
Remove lsn group sessionlogging setting. |
Remove lsn group sessionsync setting. |
Remove lsn group sipalg setting. |
Remove lsn group snmptraplimit setting. |
Remove lsn httphdrlogprofile loghost setting. |
Remove lsn httphdrlogprofile logmethod setting. |
Remove lsn httphdrlogprofile logurl setting. |
Remove lsn httphdrlogprofile logversion setting. |
Remove lsn logprofile analyticsprofile setting. |
Remove lsn logprofile logcompact setting. |
Remove lsn logprofile logipfix setting. |
Remove lsn logprofile logsessdeletion setting. |
Remove lsn logprofile logsubscrinfo setting. |
Remove lsn parameter memlimit setting. |
Remove lsn parameter sessionsync setting. |
Remove lsn parameter subscrsessionremoval setting. |
Remove lsn pool maxportrealloctmq setting. |
Remove lsn pool portrealloctimeout setting. |
Remove lsn rtspalgprofile rtspidletimeout setting. |
Remove lsn rtspalgprofile rtspportrange setting. |
Remove lsn rtspalgprofile rtsptransportprotocol setting. |
Remove lsn sipalgprofile datasessionidletimeout setting. |
Remove lsn sipalgprofile opencontactpinhole setting. |
Remove lsn sipalgprofile openrecordroutepinhole setting. |
Remove lsn sipalgprofile openregisterpinhole setting. |
Remove lsn sipalgprofile openroutepinhole setting. |
Remove lsn sipalgprofile openviapinhole setting. |
Remove lsn sipalgprofile registrationtimeout setting. |
Remove lsn sipalgprofile rport setting. |
Remove lsn sipalgprofile sipdstportrange setting. |
Remove lsn sipalgprofile sipsessiontimeout setting. |
Remove lsn sipalgprofile sipsrcportrange setting. |
Remove lsn sipalgprofile siptransportprotocol setting. |
Remove lsn transportprofile finrsttimeout setting. |
Remove lsn transportprofile groupsessionlimit setting. |
Remove lsn transportprofile portpreserveparity setting. |
Remove lsn transportprofile portpreserverange setting. |
Remove lsn transportprofile portquota setting. |
Remove lsn transportprofile sessionquota setting. |
Remove lsn transportprofile sessiontimeout setting. |
Remove lsn transportprofile stuntimeout setting. |
Remove lsn transportprofile syncheck setting. |
Remove lsn transportprofile synidletimeout setting. |