How to pass client IP address via CSS with SSL offload?

noc · ‎01-26-2007

Hello,

We use Cisco CSS 11501S to do the SSL offload of web servers in one-armed mode. So we have to SNAT client IP in order to guaranty correct return path via the CSS. In this case web server can see only the IP address of the VIP used for SNAT. If there is a way to pass customer?s IP to the web server - i.e insert customized HTTP HEADER something like HTTP_REMOTEADDRESS:<IP address of the client> - similar to what is possible with BIG IP device for instance?

Second question if there is a way to get from the CSS access log data similar to what we have in Apache access.log file to be used by Webalizer or similar application to analyze web traffic.

noc · ‎02-01-2007

If someone from Cisco read my previous message?

Does it mean that Big IP with its iRules is more suitable in this case?

Gilles Dufour · ‎02-01-2007

the CSM-S can do it, the SSLM can do it, the new ACE module can do it, but not the CSS.

Gilles.

noc · ‎02-01-2007

Not very impressive for 20 kUSD device. Any plans to introduce this feature in CSS?

Also if there is any method to get web statis out of CSS box?

scott-goodwin · ‎02-05-2007

Giles is this just when using src nat??? Or for all ssl ofload??

Cheers

Scott

Gilles Dufour · ‎02-05-2007

Scott,

if you're not doing src nat, the css will spoof the client ip and therefore, there is no need to save the client ip in the http header.

Gilles.