cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
528
Views
0
Helpful
1
Replies

CSL+SSL, does it preserve the client source IP?

nestlelan
Level 1
Level 1

Hello,

brief question:

if I terminate HTTPS session on the SSL module inside the CSM, will the SSL module re-establish a new session with its own IP address to the HTTP VIP on the CSM or will re-establish the session with the IP address of the source clients?

If its the IP address of the SSL module, then we just have 2 SSL TE in the data center and it will not load balance well if we use sticky source ip and 8 server behind.

Thanks

Giulio.

1 Reply 1

pablo.nxh
Level 3
Level 3

Hi Giulio,

Short answer is no; neither the CSM nor SSLM/CSM-S will NAT the original client IP address unless configured to do so...

NAT client is configured at serverfam level on CSM, SSL-Proxy on SSLM version 2.X and Context level on SSLM version 3.X.

If you're running on routed/bridge mode on your CSM you have nothing to worry about as this designs do not require NAT to be in place when configured correctly.

HTH

__ __

Pablo

Review Cisco Networking for a $25 gift card