ACE behaviour if Cache sends original client IP?

Oct 19th, 2008

Netpros,


We are doing transparent caching with Blue-Coat, and the caches have a bypass list where the web page is not cached and the client's original IP is sent from the cache to ACE to the Internet.


Is there any feature on ACE which shall block this session?


Thanks in advance


Shukla.

Gilles Dufour (Cisco Employee) Mon, 10/20/2008 - 05:30

If the SYN forwarded by the cache comes back on a different interface than the original client interface, ACE will treat it as a new connection and it will perform whatever action you have set up on that interface - the default is route.


Gilles.

qataromnix Mon, 10/27/2008 - 06:18

If the Bluecoat sends the client IP address to the Internet, then the return packet has to go to the same active ACE. If the ACE is in one-arm mode and you use PBR to send the web traffic to the ACE to load-balance across Bluecoat, then there should be reverse PBR on the interfaces which the return traffic comes through, and it then has to be forwarded to the same active ACE. Because once you enable IP spoofing on Bluecoat, when it gets a request from a client, Bluecoat will be initiating a different TCP session with the source IP as the client IP address. So if this traffic doesn't come back to the same proxy and if it goes directly to the client, then the client will drop the packet.
