We have a SA4500 cluster running with IVS license running on 6.5R5. We have customers in IVS using NC only. We have shared authentication server on out MSP network. Server can be accessed through the internal port . When we make internal port the default VLAN in IVS, the SA connects to the shared auth server with the internal ports IP address ( that's what we want). However, enduser NC traffic for the IVS also ends up in the internal port instead of the IVS ( Unwanted; seen with TCP dump). Published apps / services do not appear in internal port but in IVS(?). So issue only with NC, not with reverse proxy. when we make the IVS vlan the default vlan, the shared authentication server is accessed with the IVS ip address. This is an unwanted festure because than we have to perform NAT / routing for customer addresses on our MSP network. So bottom line: Is this NC traffic ending up in the internal port network when default VLAN is internal port a bug or by design? We think it is not implemented correctly. Ideas anyone?
... View more