ACE bridged mode query

Hi.

I've typically deployed contexts in one-armed mode and used source NAT to route traffic back to the ACE from a server farm.  This has worked well; however, I have an application requirement to use the source IP address of the client to identify who it is and to use this information to give it specific application permissions.  Using one-armed mode doesn't allow this function, as the application servers see the source IP as a NAT pool on the ACE, not the client's true IP.

I've seen that bridged mode would only involve destination NAT, and the application servers will see a source IP of the client (not the NAT pool on the ACE), which would solve my problem.  Plus, I don't have to change the default gateway on the app server from the MSFC HSRP address.

My query is: if I have other servers on the same VLAN / IP subnet that are not part of this application server farm, would deploying a context in bridged mode cause any issues with these servers?  Or would the servers just see the MSFC HSRP address and not see the ACE context at all?

Many thanks.

Mick.

Accepted Solution

Daniel Arrondo Ostiz
Cisco Employee

Hi Mick,

In bridged mode, any traffic that is not destined to a VIP or the ACE itself is transparently bridged from one VLAN to the other, so any server behind the ACE would still be reachable after the change, even if it's not part of the load-balancing configuration.

I hope this answers your question.

Daniel


Hi Daniel.

Thanks for the clarification.  I had a quick go at it, but I couldn't get it to work.  I'm going down the route of using X-Forwarded-For HTTP header insertion in one-armed mode and getting the application developers to write code to handle it.  Hopefully then we'll get around the problem.

Thanks for the help.

Mick.
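Mick's final route, inserting X-Forwarded-For on the ACE in one-armed mode and having the application read it, moves the trust decision into the application: because the ACE source-NATs, the servers see the NAT pool as the TCP peer, and the only safe way to use the header for authorization is to believe it exclusively when the connection actually arrived from that pool, and then to take the hop the ACE appended rather than anything the client sent. The code below is an added example written for this page, not code from the thread or from Cisco; the NAT pool range 10.0.10.0/28, the sample addresses, and the assumption that the ACE adds its own X-Forwarded-For value after any client-supplied one are constructed for illustration.

```python
import ipaddress
from typing import List

# Constructed assumption: the one-armed ACE context source-NATs client
# traffic through this pool, so every connection that really came via
# the ACE has a peer address in this range. Anything else is not the ACE.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.10.0/28")]


def _is_trusted(addr: str) -> bool:
    """True if addr parses as an IP inside one of the trusted proxy ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr: str, xff_headers: List[str]) -> str:
    """Return the address the application should use for authorization.

    peer_addr:   the TCP peer the server accepted the connection from.
    xff_headers: every X-Forwarded-For header value in the request, in the
                 order received. A client may send its own forged value and
                 the ACE may append another, so there can be several.

    Rules:
      * If the peer is not the ACE NAT pool, the header is untrusted input;
        ignore it and use the peer address.
      * Otherwise walk the hop chain from the right, skipping trusted hops.
        The first untrusted hop is the address the ACE saw as the client.
      * A malformed hop means the header cannot be trusted; fall back to the
        peer address rather than guessing.
    """
    if not _is_trusted(peer_addr):
        return peer_addr

    # Flatten "a, b" values and multiple header instances into one chain.
    chain = [hop.strip() for value in xff_headers
             for hop in value.split(",") if hop.strip()]

    for hop in reversed(chain):
        if _is_trusted(hop):
            continue  # an intermediate hop we operate; keep walking left
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer_addr  # garbage in the header: do not trust it
    return peer_addr


if __name__ == "__main__":
    # Constructed requests: (peer address, X-Forwarded-For values).
    samples = [
        ("10.0.10.5", ["198.51.100.7"]),                    # ACE-inserted
        ("10.0.10.5", ["203.0.113.9", "198.51.100.7"]),     # client forged, ACE appended
        ("192.0.2.44", ["198.51.100.7"]),                   # bypassed the ACE
        ("10.0.10.5", []),                                  # no header at all
    ]
    for peer, xff in samples:
        print(peer, xff, "->", client_ip(peer, xff))
```

The check that matters for the permission scheme Mick describes is the first one: a server that honours X-Forwarded-For from any peer lets a client that can reach the farm directly (or any host on the same VLAN) claim another client's address and inherit its permissions. Keeping TRUSTED_PROXIES limited to the ACE NAT pool is what makes the header worth anything.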
