
ACE 4710 A3(5) Logging new connections

btorrens1
Level 1

We have recently transitioned one of our Ecommerce products to a new data center, at which we now use a one-armed load balancing approach rather than the routed load balancing approach we used previously. This is causing us some issues as we generally log the source IP address a user comes in on when he fills out an application. Now the logs only show the NATted IP address received by the load balancer, which does us no good. What I was hoping is that someone knew a way to log the source IP address when a new connection is created to a particular VIP? Any ideas?

3 Replies

litrenta
Level 3

If this is HTTP traffic you can have the ACE insert a header such as X-Forwarded-For and insert the original client IP.

Then you would have your server log this IP from the header (do a Google search on X-Forwarded-For for server details).

see:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html#wp1131842

for how to do header insert.

If the connection is not HTTP, the only way to preserve the client IP would be to use policy-based routing to get the server return traffic back to the ACE instead of using source NAT.
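
Added example, not part of the original replies and not Cisco's code: one way the server side can choose which address to log once the ACE inserts X-Forwarded-For, so that a header sent by the client itself is not logged as the source. The TRUSTED_PROXIES address, the function names and the sample requests are assumptions, as is the ordering (the ACE's value is the last one on the request). It also assumes the ACE can see the HTTP request, which for HTTPS means SSL is terminated on the ACE.

```python
import ipaddress

# Assumption: the source-NAT address the ACE uses toward the servers
# (constructed value from a documentation range).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _parse(value):
    """Return an ip_address object, or None if the text is not an address."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip_for_log(peer_ip, xff_values):
    """peer_ip: TCP source the server saw; xff_values: every
    X-Forwarded-For header value on the request, in arrival order."""
    peer = _parse(peer_ip)
    if peer is None or not _trusted(peer):
        # Not from the load balancer: any header is client-controlled.
        return peer_ip
    hops = [h for value in xff_values for h in value.split(",")]
    # Assumption: the ACE's value is last, so read right to left and
    # stop at the first address that is not one of our own proxies.
    for hop in reversed(hops):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: fall back to the peer address
        if not _trusted(addr):
            return str(addr)
    return peer_ip


if __name__ == "__main__":
    # Constructed requests: (peer address, X-Forwarded-For values)
    samples = [
        ("192.0.2.10", ["203.0.113.7"]),              # normal, via ACE
        ("192.0.2.10", ["10.1.1.1", "203.0.113.7"]),  # client sent its own
        ("198.51.100.5", ["10.1.1.1"]),               # bypassed the ACE
        ("192.0.2.10", []),                           # header missing
    ]
    for peer, xff in samples:
        print(peer, xff, "->", client_ip_for_log(peer, xff))
```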

The connections will be HTTPS.

If this is HTTP traffic you can have the ACE insert a header such as X-Forwarded-For and insert the original client IP.

So you're saying something like....

header insert request X-Forwarded-For %is

and insert this parameter map to the virtual server? Will this work for HTTPS?
