RNAT does not take precedence over USIP


Article ID: CTX316516


Description

Users find that RNAT does not take precedence when USIP is enabled, although it works as expected when USIP is disabled. The RNAT rule was configured by following https://support.citrix.com/article/CTX122909, so RNAT should take precedence.
 

  • An RNAT rule does take precedence over the normal NAT behavior of a NetScaler appliance when accessing a virtual server. For example:

    • The client is 2.2.2.2, the virtual IP address is 1.1.1.50, and the server is 192.168.2.20. The virtual IP address has the real server bound to it.
    • When Use Source IP (USIP) is set to OFF in a NetScaler appliance, and the client connects to the virtual IP address, the server sees the SNIP of the appliance as the source IP address in the connection.
    • When USIP is set to ON in the appliance and the client connects to the virtual IP address, the server sees the actual client IP address as the source IP address in the connection.
    • When USIP is set to either ON or OFF in the appliance, and there is an RNAT configuration that matches the source IP of the client (whether using ACLs or not), when the client connects to the virtual IP address, the server sees the RNAT IP address as the source IP address in the connection.
  • You can also use a virtual IP address as the RNAT IP address.
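
The precedence described above can be checked from the server side after the upgrade. The following is an added example, not Citrix code: it compares the source IP a back-end server logged for known test clients against the address the article says it should see. The SNIP, the RNAT network and NAT IP, and the observations are constructed values; the client 2.2.2.2 comes from the article's example.

```python
import ipaddress

# Constructed values for illustration; replace with the appliance's real ones.
SNIP = "192.168.2.1"                           # assumed subnet IP of the appliance
RNAT_RULES = [("2.2.2.0/24", "192.168.2.99")]  # assumed (matched network, RNAT IP)


def expected_source(client_ip, usip_on, rnat_rules=RNAT_RULES, snip=SNIP):
    """Return the source IP the back-end server should see for this client."""
    addr = ipaddress.ip_address(client_ip)
    for network, nat_ip in rnat_rules:
        if addr in ipaddress.ip_network(network):
            # A matching RNAT rule wins whether USIP is ON or OFF.
            return nat_ip
    # No RNAT match: USIP ON preserves the client IP, USIP OFF uses the SNIP.
    return client_ip if usip_on else snip


def audit(observations, usip_on):
    """Compare (client_ip, source_ip_seen_by_server) pairs with the expected
    behaviour and return the mismatches as (client, seen, expected) tuples."""
    findings = []
    for client_ip, seen in observations:
        want = expected_source(client_ip, usip_on)
        if seen != want:
            findings.append((client_ip, seen, want))
    return findings


if __name__ == "__main__":
    # Constructed observations taken with USIP ON. The first pair shows the
    # symptom from this article: the server sees the client IP although an
    # RNAT rule matches. The second client matches no rule, so seeing its
    # own address is correct.
    observed = [("2.2.2.2", "2.2.2.2"), ("3.3.3.3", "3.3.3.3")]
    for client, seen, want in audit(observed, usip_on=True):
        print(f"client {client}: server saw {seen}, expected {want}")
```
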

Resolution

Upgrade Citrix ADC to version 12.1-62.21 or newer.

Problem Cause

This is a known issue that was fixed in Citrix ADC version 12.1-62.21 and newer.