cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
611
Views
3
Helpful
2
Replies

ace config for http header insert

followurself
Level 1
Level 1

hi,

configuring an ace appliance in one arm mode. since using the source nat for clients to access the server farm.

using the below sample config

parameter-map type http HTTP_PARAMETER_MAP

persistence-rebalance

policy-map type loadbalance http first-match WEB_L7_POLICY

class class-default

serverfarm SF-1

insert-http x-forward header-value "%is"

policy-map multi-match VIPs

class L4VIPCLASS

loadbalance vip inservice

loadbalance policy WEB_L7_POLICY

loadbalance vip icmp-reply active

loadbalance vip advertise active

nat dynamic 1 vlan 511

appl-parameter http advanced-options HTTP_PARAMETER_MAP

interface vlan 511

ip address 192.168.0.130 255.255.255.0

alias 192.168.0.128 255.255.255.0

peer ip address 192.168.0.131 255.255.255.0

access-group input any

nat-pool 1 192.168.0.254 192.168.0.254 netmask 255.255.255.0 pat

no shutdown

i got the nat working but when we look at server logs , it shows the natted address and not the actual client address

whn i do the show stats http i can see hits for header inserted

pls suggest

Thanks

2 Replies 2

ggalteroo
Level 1
Level 1

That is how it should be on a one-armed scenario. I've used that alternative to make the implementation easier or for testing purposes. It simplifies routing but you see the ACE as source.

Regards

Is the server you are looking logs at taking "x-forward" header into account for logs?

I think you will need to tweak the server to report this header value in the logs. By default

most of the servers use/report only Source ip in the logs and with SRC NAT it will always be the loadbalancer IP.

Syed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: