07-11-2008 01:20 PM
I'm using a CSS 11501 to load balance traffice between 2 web servers. The servers need to see the "Real IP" of the clients for logging / validation purposes. How can I pass the "Real IP" to the web servers through the CSS?
show run
configure
!*************************** GLOBAL ***************************
cdp run
no restrict web-mgmt
ssl associate rsakey rsatest rsatest
ssl associate cert certtest mywebsitetestchain.pem
ssl associate rsakey mywebsiteRSA mywebsiteRSA
ssl associate cert mywebsiteCert mywebsite.pem
ip route 0.0.0.0 0.0.0.0 192.168.10.240 1
!************************* INTERFACE *************************
interface e3
bridge vlan 253
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.10.20 255.255.255.0
circuit VLAN253
ip address 192.168.1.24 255.255.255.0
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list 2
ssl-server 1
ssl-server 1 vip address 192.168.10.26
ssl-server 1 cipher rsa-with-rc4-128-sha 1.1.1.1 81
ssl-server 1 rsakey mywebsiteRSA
ssl-server 1 rsacert mywebsiteCert
active
!************************** SERVICE **************************
service 192.168.1.30
ip address 192.168.1.30
keepalive type tcp
port 80
active
service 192.168.1.31
ip address 192.168.1.31
keepalive type tcp
port 80
active
service 192.168.1.32
keepalive type tcp
port 80
ip address 192.168.1.32
active
service 192.168.1.33
ip address 192.168.1.33
keepalive type tcp
port 80
active
service SSL
type ssl-accel
keepalive type none
slot 2
add ssl-proxy-list 2
active
service redirect-443
keepalive type none
type redirect
no prepend-http
domain https://secure.mywebsite.com
active
!*************************** OWNER ***************************
owner mywebsite.com
content PORT-81
protocol tcp
port 81
url "/*"
vip address 1.1.1.1
advanced-balance arrowpoint-cookie
add service 192.168.1.31
add service 192.168.1.33
active
content secure.mywebsite.com(443)
vip address 192.168.10.26
protocol tcp
application ssl
port 443
add service SSL
active
content secure.mywebsite.com(80)
protocol tcp
port 80
url "/*"
vip address 192.168.10.26
add service redirect-443
active
content www.mywebsite.com(80)
protocol tcp
port 80
url "/*"
vip address 192.168.10.25
add service 192.168.1.30
add service 192.168.1.32
active
!*************************** GROUP ***************************
group secure.mywebsite.com
vip address 192.168.10.26
add destination service 192.168.1.31
add destination service 192.168.1.33
active
group www.mywebsite.com
add destination service 192.168.1.30
add destination service 192.168.1.32
vip address 192.168.10.25
active
show ver
Version: sg0810106 (08.10.1.06)
Flash (Locked): 08.10.1.06
Flash (Operational): 08.10.1.06
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
Solved! Go to Solution.
07-11-2008 02:47 PM
Brandon
You are usig source-groups
group secure.mywebsite.com
vip address 192.168.10.26
add destination service 192.168.1.31
add destination service 192.168.1.33
active
group www.mywebsite.com
add destination service 192.168.1.30
add destination service 192.168.1.32
vip address 192.168.10.25
active
in your config that changes the client source addresses (Source NATting).
By default CSS doesnt change the Client IPs.
Syed
07-11-2008 02:47 PM
Brandon
You are usig source-groups
group secure.mywebsite.com
vip address 192.168.10.26
add destination service 192.168.1.31
add destination service 192.168.1.33
active
group www.mywebsite.com
add destination service 192.168.1.30
add destination service 192.168.1.32
vip address 192.168.10.25
active
in your config that changes the client source addresses (Source NATting).
By default CSS doesnt change the Client IPs.
Syed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide