Hi,
We are using a Cisco ACE 4710 to load balance servers. We have created the VIP under the interface vlan using the nat-pool command.
Also, we have changed the gateway of the server to point to the ACE vlan IP address, which is created using the alias 10.x.x.x 255.x.x.x command under the interface vlan. In short, the ACE is in inline mode for the servers which need to be load balanced.
Load balancing works fine, but the issue is that in the access.log of the server we see the VIP, not the original public IP.
The class-map & policy-map configuration is as follows:
class-map match-all CLASS_VIP
  2 match virtual-address 10.1.X.X any
policy-map type loadbalance http first-match LOAD_BALANCE_POLICY
  class class-default
    serverfarm SERVERS_FARM
policy-map multi-match POLICY_VIP
  class CLASS_VIP
    loadbalance vip inservice
    loadbalance policy LOAD_BALANCE_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 510
I have tried to insert the following:
policy-map type loadbalance http first-match LOAD_BALANCE_POLICY
  class class-default
    serverfarm SERVERS_FARM
    insert-http x-forward header-value "%is"
But still I am not able to view the original client IP. Just to add more, the site is an HTTPS site & we are not doing any kind of SSL offloading on the ACE; it is taken care of by the server itself.
I just want to do the HTTP & HTTPS load balancing without SSL offloading & should be able to see the original client IP in the server logs.
Can anybody help here?
Thanking everyone in advance.