thanks

if i issue a show conn - will i see two connections? One from client to VIP - then another from VIP to rserver?but the packet the rserver sees has the source IP of the client?

Bryan,

By default the ACE does not change the IP of the client , so the rserver will see the client real IP.

But you can configure the ACE to do NAT of the client , so that the rserver couldn't see the client real ip.

The second case is the case in which the rserver has other default gateway then the ACE, and the client would be NATed to an ip from the same segment of the rserver.

Dan

If there are some active connections , you can try "show xlate" to see if there is any NAT configuration in place.

Dan

i am confused - here is what is in this doc:

"Client requests will arrive at the VIP, and the ACE will pick the  appropriate server and then use the destination Network Address  Translation (NAT) to send the client request to the server. The server  will respond using the interface VLAN of the ACE as its default gateway  to the client. The ACE will then change the source IP to be the VIP and  forward the response to the client via the MSFC."

so the communication is always natted to the vip, and the onyl thing that makes the flows different is the src ports?

http://docwiki.cisco.com/wiki/Basic_Load_Balancing_Using_Routed_Mode_on_the_Cisco_Application_Control_Engine_Configuration_Example

Yes (src port being the client port) . From the clients point of view , there is only one IP and one dst port ( in case of an application ).

Dan

Hi Bryan,

i have a query somewhat similar to yours. I hope this helps abit in understanding how the "show conn" works

https://supportforums.cisco.com/thread/2042187?tstart=0