ace config for http header insert

Unanswered Question
Oct 3rd, 2008
User Badges:


configuring an ace appliance in one arm mode. since using the source nat for clients to access the server farm.

using the below sample config

parameter-map type http HTTP_PARAMETER_MAP


policy-map type loadbalance http first-match WEB_L7_POLICY

class class-default

serverfarm SF-1

insert-http x-forward header-value "%is"

policy-map multi-match VIPs


loadbalance vip inservice

loadbalance policy WEB_L7_POLICY

loadbalance vip icmp-reply active

loadbalance vip advertise active

nat dynamic 1 vlan 511

appl-parameter http advanced-options HTTP_PARAMETER_MAP

interface vlan 511

ip address


peer ip address

access-group input any

nat-pool 1 netmask pat

no shutdown

i got the nat working but when we look at server logs , it shows the natted address and not the actual client address

whn i do the show stats http i can see hits for header inserted

pls suggest


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
ggalteroo Fri, 10/03/2008 - 05:55
User Badges:

That is how it should be on a one-armed scenario. I've used that alternative to make the implementation easier or for testing purposes. It simplifies routing but you see the ACE as source.


Syed Iftekhar Ahmed Fri, 10/03/2008 - 09:19
User Badges:
  • Blue, 1500 points or more

Is the server you are looking logs at taking "x-forward" header into account for logs?

I think you will need to tweak the server to report this header value in the logs. By default

most of the servers use/report only Source ip in the logs and with SRC NAT it will always be the loadbalancer IP.



This Discussion