10-03-2008 12:02 AM
Hi,
Configuring an ACE appliance in one-arm mode, since using source NAT for clients to access the server farm.
Using the sample config below:
parameter-map type http HTTP_PARAMETER_MAP
  persistence-rebalance
policy-map type loadbalance http first-match WEB_L7_POLICY
  class class-default
    serverfarm SF-1
    insert-http x-forward header-value "%is"
policy-map multi-match VIPs
  class L4VIPCLASS
    loadbalance vip inservice
    loadbalance policy WEB_L7_POLICY
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    nat dynamic 1 vlan 511
    appl-parameter http advanced-options HTTP_PARAMETER_MAP
interface vlan 511
  ip address 192.168.0.130 255.255.255.0
  alias 192.168.0.128 255.255.255.0
  peer ip address 192.168.0.131 255.255.255.0
  access-group input any
  nat-pool 1 192.168.0.254 192.168.0.254 netmask 255.255.255.0 pat
  no shutdown
I got the NAT working, but when we look at the server logs, it shows the NATted address and not the actual client address.
When I do the show stats http I can see hits for header inserted.
Please suggest.
Thanks
10-03-2008 05:55 AM
That is how it should be on a one-armed scenario. I've used that alternative to make the implementation easier or for testing purposes. It simplifies routing but you see the ACE as source.
Regards
10-03-2008 09:19 AM
Is the server whose logs you are looking at taking the "x-forward" header into account for logs?
I think you will need to tweak the server to report this header value in the logs. By default, most servers use/report only the source IP in the logs, and with SRC NAT it will always be the load balancer IP.
Syed
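An added example, not part of the original thread: one way a server-side logger could choose the address to record, trusting the "x-forward" header only when the TCP peer is the ACE's source-NAT address. The function name, the source labels and the sample requests are hypothetical; the header name and 192.168.0.254 come from the posted config.

```python
import ipaddress

# From the posted config: nat-pool 1 source-NATs clients to 192.168.0.254
# and insert-http adds the client address ("%is") as header "x-forward".
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.0.254")}
HEADER = "x-forward"


def client_ip_for_log(peer_ip, headers):
    """Return (ip_to_log, source) for one request.

    peer_ip -- address of the TCP peer as seen by the server
    headers -- list of (name, value) tuples in the order received
    """
    peer = ipaddress.ip_address(peer_ip)
    # Believe the header only when the connection really came from the ACE;
    # a client that reaches the server directly can send any value.
    if peer not in TRUSTED_PROXIES:
        return str(peer), "peer"
    values = [v.strip() for n, v in headers if n.lower() == HEADER]
    if not values:
        return str(peer), "peer-no-header"
    # More than one copy means something besides the ACE set the header.
    # Which copy is the ACE's is not assumed here, so fall back to the peer.
    if len(values) > 1:
        return str(peer), "peer-ambiguous"
    try:
        # Parsing rejects junk that would otherwise be written to the log.
        return str(ipaddress.ip_address(values[0])), "x-forward"
    except ValueError:
        return str(peer), "peer-bad-header"


# Constructed sample requests (not taken from the thread).
SAMPLES = [
    ("192.168.0.254", [("Host", "www"), ("X-Forward", "203.0.113.7")]),
    ("198.51.100.9", [("x-forward", "10.0.0.1")]),
    ("192.168.0.254", [("x-forward", "10.0.0.1"), ("x-forward", "203.0.113.7")]),
    ("192.168.0.254", [("x-forward", "not-an-ip")]),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, "->", client_ip_for_log(peer, hdrs))
```

Recording the source label alongside the address lets log reviewers tell a header-derived client IP from a fallback to the NAT address.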