Thanks the lik was very helpfull.

I am still looking for a better way to loadbalance the traffic to our web servers.

What I am looking for is a way to setup the ace as a Layer 7 proxy (filtring the url and sending the request to  the appropriate server)

Of course the IP source for the webserver is the VIP of the ACE not the clients' public IP.

If I can do that, the web servers will not have to wait the ack from the client for each http request. in other word the web server answer to the ace and close the query, and it's the ACE that take care of answering to the external clients.

Mu concern is that : with just a nat configuration the web server has to wait the answers (tcp protocol negociation) from the external clients even if it see the VIP IP insteed of the client's external IP

i guess ACE when deployed in layer 7 load balancing mode may help you in achiving your need. In this mode ACE will open two separate sessions front end (with client) and back end (with server). overall ACE will negotiate front end client TCP connection, will wait till client send Layer 7 information (like http get) and based on this information it choose the server. once server is chosen ACE open a seperate TCP session with server in backend. once TCP 3-way handshake finish, ACE will splice both front end and backend (tweaking seq.no, acknowledge etc.).

Thanks.

I tried to make a simple connfiguration for our two web servers to have this result:

1) Any traffic to 100.100.100.101 tcp port 80

+

2) that contains * in the URL (i.e. all the urls)

3) Nat the source IP, so the web servers will see the http requests comming from 100.100.100.110-100.100.100.115

not there real IPs

Is this configuration correct ?

rserver host web01

  ip address 10.0.0.1

  inservice

rserver host web02

  ip address 10.0.0.2

  inservice

serverfarm host My-Web-Servers-pool

  rserver web01 80

    inservice

  rserver web02 80

    inservice

class-map match-all class_vip_web

  2 match virtual-address 100.100.100.101 tcp eq www

policy-map type loadbalance first-match policy_vip_web

  class policy_url

    serverfarm My-Web-Servers-pool

class-map type loadbalance http first-match policy_url

2 match http url /*

policy-map multi-match policy_vip_web-multimatch

  class class_vip_web

    loadbalance vip inservice

    loadbalance policy policy_vip_web

    nat dynamic 1 vlan 50

service-policy input policy_vip_web-multimatch

interface vlan 50

  description "Client-Server VLAN"

  ip address 100.100.100.100 255.255.255.0

  access-group input everyone

  nat-pool 1 100.100.100.110 100.100.100.115 netmask 255.255.255.0 pat

  no shutdown

Thanks in advance.

Configuration look perfect as per your need.

Thanks!

Since I 've never done the nat conf before,I want to be sure before applying tis :-)

is my 3rd note correct? the web servers will se the http requests comming from the ip pool 100.100.100.110-100.100.100.115 not real IPs

Thanks again.

yes you understanding is correct, servers will only see connections from these IP's only. Also just small missing statement in your config, i.e. service-policy is not applied to interface.

Thanks,

I thought that when I add the line :

service-policy input policy_vip_web-multimatch

I don't need to add the policy in the interface section !

Regards.

my mistake, i missed that statement from global mode config and was looking in interface.