09-09-2008 01:15 AM
Hi
We are intending to use and ACE appliance to re-direct web traffic to a set of proxy servers. The proxy mechanism is transparent proxy, and there for the clients IP address are not VIPs but real IPs on the internet. I'm unclear on how to set this up. Especially, how to do transparent redirection of traffic on the ACE(and whether that is possible for that matter)
Can some one pls help.
09-09-2008 01:42 AM
you need to setup a serverfarm that has your proxy defined as real server.
Then use the keyword 'transparent' inside the serverfarm to make it transparent.
Create a class-map to catch the traffic you need.
ie:
class-map Http-Proxy
match port tcp eq 80
Then associate the class-map and serverfarm in a policy
ie:
policy-map type loadbalance first MyProxy
class class-default
serverfarm ....
policy-map multimatch VlanX
class Http-proxy
loadbalance policy MyProxy
loadbalnce vip inservice
!
Gilles.
09-09-2008 02:07 AM
HI
Thanks. I understand the configs on classmap and policy map. But whats the requirement to define the server farm as transparent?
also can you point out how to set that up
thanks again
09-09-2008 03:15 AM
By setting the serverfarm in transparent mode you instruct ACE not to nat the destination address when forwarding to the proxy.
The default mode is to nat the destination with the real server ip address.
The serverfarm config would look like this :
serverfarm MyProxy
transparent
rserver Proxy 1
inservice
!
Gilles.
09-09-2008 03:29 AM
hi
great, that was really helpful, But for this to happen is there a specific constraint on the operating mode (routed or bridged?)
also, is there a specific doc on which i can find this info(like the transparent command on the server farm config?)
you are being very helpful and I really appreciate that
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide