ace config for http header insert

Unanswered Question
Oct 3rd, 2008


configuring an ace appliance in one arm mode. since using the source nat for clients to access the server farm.

using the below sample config

parameter-map type http HTTP_PARAMETER_MAP


policy-map type loadbalance http first-match WEB_L7_POLICY

class class-default

serverfarm SF-1

insert-http x-forward header-value "%is"

policy-map multi-match VIPs


loadbalance vip inservice

loadbalance policy WEB_L7_POLICY

loadbalance vip icmp-reply active

loadbalance vip advertise active

nat dynamic 1 vlan 511

appl-parameter http advanced-options HTTP_PARAMETER_MAP

interface vlan 511

ip address


peer ip address

access-group input any

nat-pool 1 netmask pat

no shutdown

i got the nat working but when we look at server logs , it shows the natted address and not the actual client address

whn i do the show stats http i can see hits for header inserted

pls suggest


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
ggalteroo Fri, 10/03/2008 - 05:55

That is how it should be on a one-armed scenario. I've used that alternative to make the implementation easier or for testing purposes. It simplifies routing but you see the ACE as source.


Syed Iftekhar Ahmed Fri, 10/03/2008 - 09:19

Is the server you are looking logs at taking "x-forward" header into account for logs?

I think you will need to tweak the server to report this header value in the logs. By default

most of the servers use/report only Source ip in the logs and with SRC NAT it will always be the loadbalancer IP.



This Discussion