Showing results for 
Search instead for 
Did you mean: 


ACE show conn-from VIP to rserver

We are currently doing an outbound proxy through the ACE using an external IP as an rserver.

Our internal server makes a request to the VIP on port 82 which than makes the request to the external server on 443 (rserver)

We are getting resets on this.

Our question is regarding the conn table.

The inital connection gets established to the VIP of the ACE and from the VIP to the external server

However the conn table than seems to switch from the external IP (rserver) directly to the the inside host-the vip no longer in the table

I understand that on L7 load balancing the VIP will set up the TCP connection, than cut through the connection from the

inside address to the external IP, however we are not doing this.

Here is the connection table we see

External IP's changed server (client) making outbound cal

172.20.120,19=VIP server (rserver) IP changed

conn-id    np dir proto vlan source                destination           state
1484085    1  in  TCP   151      ESTAB
1484307    1  out TCP   150    ESTAB

Then switches to a direct connection:

1360573    1  out TCP   151     ESTAB
1360577    1  in  TCP   150    ESTAB
1360640    1  out TCP   151     ESTAB
1364243    1  in  TCP   150    ESTAB

My question is this a proper flow?

Under other connections we see the VIP stay in the connection table for the duration of the connection



   This definately don't look correct.  Can you show me the configuration you are using for this VIP including the interfaces.



Hi Chris-

We opened a TAC case and we were informed that this is normal behavior since we dont have NAT'ing on the interface

OUr capture shows that after the TCP connection is established withe the ACE VIP and the rserver

and SSL conversation than begins with the real host and real server directly.

My question is...since this is happening the ACE no longer active in the conversation

I was under the impresion that the ACE only unproxies itself and "splices" the real host and real server L7

behavior...redirectong on uri..etc

policy-map type loadbalance first-match CLASS-TEST1-POLICY
  class class-default
    serverfarm -TEST1
    ssl-proxy client TEST1-SSL

If this is normal the ACE now just a pass through?

Content for Community-Ad
This widget could not be displayed.