How to see the Source IP Address of a client using ACE One-armed-mode to load balance HTTP proxy request

jverdesca
Level 1

I'm using an ACE 4710 Appliance deployed in One-Armed mode, using Source NAT to load balance HTTP requests to a couple of proxy servers.

Everything is working fine, but the thing is that I can't see the clients' IP addresses in the proxies' logs, so I can't keep track of them.

The Interfaces and Nat configs are:

interface vlan 200
  description Server-Side-VLAN
  bridge-group 5
  nat-pool 5 10.1.1.5 10.1.1.5 netmask 255.255.255.0 pat
  service-policy input VIPS
interface vlan 300
  description Client-Side-VLAN
  bridge-group 5
interface bvi 5
  ip address 10.1.1.3 255.255.248.0
  description Client-Server-Virtual-Interface
ip route 0.0.0.0 0.0.0.0 10.1.1.1

And the policy map looks like this:

policy-map multi-match VIPS
  class Port80
    loadbalance vip inservice
    loadbalance policy Port80
    nat dynamic 5 vlan 200

Resource assignment:

sticky ip-netmask 255.255.255.255 address both RESOURCE-CLASS
  timeout 5
  serverfarm Service80

Any suggestions will be appreciated,

Thanks

Accepted Solutions

Kanwaljeet Singh
Cisco Employee

Hi,

You can use X-Forwarded-For to insert the client IP address in the HTTP header. Have a look at the link below:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3041.shtml

Let me know if you have any questions.

Regards,
Kanwal

Hi Kanwal,

Thanks for your quick reply,

I've already tried this but it didn't work. The problem is that I don't manage the proxy servers so I rely on their skills to see the logs.

The Proxies are Squid. Do you know if they need to do something else on the servers to see that field of the HTTP header?

But I'll try again tomorrow and let you know how it goes.

Thank you again.

Hi Josh,

I don't know what to do on the servers, but that's the way you can make ACE insert the source IP and even additional information like port etc. in the HTTP header, and it works. You can check with the server team what exactly they are looking for and we can see if we can do that.

You can also share the configuration you did and it didn't work.

Did you check in pcaps if ACE did insert X-forwarded-for or not?

Regards,

Kanwal

Hi Kanwal, sorry for the late answer!

I had a typo in the policy to insert the x-forwarded-for field at the ACE.

In Squid we set the logs to show the xforward field and remove it, to avoid our private IP addresses being in the header of the packets heading to the Internet.

Thanks for your answer and sorry again for the delay!
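
The Squid side of what the last post describes, as an added example that is not part of the original thread or anyone's actual configuration: log the client address the ACE inserts, trust the header only when the connection comes from the ACE source-NAT address, and strip it before requests leave for the Internet. It assumes Squid 3.2 or later built with follow_x_forwarded_for support; the ACL name, logformat name and log path are hypothetical, and 10.1.1.5 is the nat-pool address from the question.

```conf
# Added example, not from the thread. ACL name, logformat name and log path
# are hypothetical; 10.1.1.5 is the ACE nat-pool address from the question.

# With source NAT, every connection reaches Squid from this one address.
acl ace_snat src 10.1.1.5/32

# X-Forwarded-For is an ordinary request header that any client can set.
# Accept it only when the TCP peer is the ACE, and ignore it otherwise.
follow_x_forwarded_for allow ace_snat
follow_x_forwarded_for deny all

# Use the address taken from the trusted header in access.log and in ACLs.
log_uses_indirect_client on
acl_uses_indirect_client on

# %>a                     client address (the indirect one when the header was trusted)
# "%{X-Forwarded-For}>h"  raw header exactly as received, kept for audit
logformat ace_xff %ts.%03tu %6tr %>a "%{X-Forwarded-For}>h" %Ss/%03>Hs %<st %rm %ru %Sh/%<a %mt
access_log daemon:/var/log/squid/access.log ace_xff

# Keep internal addresses out of requests sent to origin servers: drop the
# header the ACE inserted and stop Squid from adding its own.
request_header_access X-Forwarded-For deny all
forwarded_for delete
```

Logging the raw header next to `%>a` makes it visible when a request carried more than one value, which is worth reviewing because only the entry added by the ACE is trustworthy.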