Hello, I have to change in configuration to not use NAT and have the client IP (transparent mode).
My configuration:
ssh maxsessions 1
access-list ANY line 8 extended permit icmp any any
access-list ANY line 16 extended permit ip any any
probe icmp PROBE_PING
interval 30
probe tcp PROBE_TCP
interval 30
rserver host WEB_1
ip address 172.16.10.11
conn-limit max 50000 min 40000
weight 1
inservice
rserver host WEB_1AND1
ip address 82.165.194.101
conn-limit max 50000 min 40000
inservice
rserver host WEB_2
ip address 172.16.10.10
conn-limit max 50000 min 40000
weight 1
inservice
serverfarm host FARM_HTTPS
transparent
predictor leastconns
probe PROBE_TCP
rserver WEB_1 443
inservice
rserver WEB_2 443
inservice
serverfarm host FARM_WEB
transparent
predictor leastconns
probe PROBE_TCP
rserver WEB_1
inservice
rserver WEB_2
inservice
serverfarm host FARM_WP
transparent
probe PROBE_TCP
rserver WEB_1
inservice
parameter-map type http HTTP_PARAMETER_MAP
no persistence-rebalance
class-map match-all FARM_HTTPS
2 match virtual-address 178.33.0.129 tcp eq https
class-map match-all L4-WEB-IP
2 match virtual-address 178.33.0.129 tcp eq www
class-map type management match-all PUBLIC_REMOTE
2 match protocol ssh source-address 82.165.194.101 255.255.255.255
class-map type management match-all REMOTE_ACCESS
2 match protocol ssh any
class-map type management match-any SECURE_HTTPS
2 match protocol https any
3 match protocol ssh any
class-map type http loadbalance match-all WP_BLOG
2 match http header Host header-value "www[.]WEB[.]com"
3 match http url /blog.*
class-map type http loadbalance match-all WP_ECO
2 match http header Host header-value "www[.]WEB[.]com"
3 match http url /eco.*
class-map type http loadbalance match-all WP_INFO
2 match http header Host header-value "www[.]WEB[.]com"
3 match http url /info.*
class-map match-all public_remote
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_ACCESS
permit
policy-map type management first-match REMOTE_PUBLIC_MGMT
class PUBLIC_REMOTE
permit
class SECURE_HTTPS
permit
policy-map type management first-match SECURE_HTTPS_POLICY
class SECURE_HTTPS
permit
policy-map type loadbalance http first-match FARM_HTTPS_POLICY
class class-default
serverfarm FARM_HTTPS
insert-http x-forward header-value "%is"
policy-map type loadbalance http first-match WEB_L7_POLICY
class WP_ECO
serverfarm FARM_WP
insert-http x-forward header-value "%is"
class WP_INFO
serverfarm FARM_WP
insert-http x-forward header-value "%is"
class WP_BLOG
serverfarm FARM_WP
insert-http x-forward header-value "%is"
class class-default
serverfarm FARM_WEB
insert-http x-forward header-value "%is"
policy-map multi-match POLICY_HTTPS
class FARM_HTTPS
loadbalance vip inservice
loadbalance policy FARM_HTTPS_POLICY
loadbalance vip icmp-reply active
nat dynamic 1 vlan 2222
appl-parameter http advanced-options HTTP_PARAMETER_MAP
policy-map multi-match WEB-to-vIPs
class L4-WEB-IP
loadbalance vip inservice
loadbalance policy WEB_L7_POLICY
loadbalance vip icmp-reply active
nat dynamic 1 vlan 2222
appl-parameter http advanced-options HTTP_PARAMETER_MAP
access-group input ANY
interface vlan 1215
ip address 178.33.0.138 255.255.255.240
alias 178.33.0.137 255.255.255.240
peer ip address 178.33.0.139 255.255.255.240
service-policy input REMOTE_PUBLIC_MGMT
service-policy input WEB-to-vIPs
service-policy input SECURE_HTTPS_POLICY
service-policy input POLICY_HTTPS
no shutdown
interface vlan 2222
ip address 172.31.255.250 255.240.0.0
alias 172.31.255.249 255.240.0.0
peer ip address 172.31.255.251 255.240.0.0
nat-pool 1 172.31.255.248 172.31.255.248 netmask 255.240.0.0 pat
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ft track interface VLAN1215
track-interface vlan 1215
peer track-interface vlan 1215
priority 50
peer priority 5
ip route 0.0.0.0 0.0.0.0 178.33.0.142
default-domain
Any idea??? Thanks
