cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
343
Views
0
Helpful
1
Replies

Preserving source IP addresses on CSS 11501

switchtower
Level 1
Level 1

Hello Everyone,

I'm trying to scheme a way to preserve client IP addresses on a CSS 11501 that is running in a one armed configuration.

The CSS was added before we needed to load balance and the site(s) which it serves are in production and really can't be touched (perhaps one at a time in a maintenance window).

The relevant setup is:

Internet --> ASA 5520 (NAT) --> servers/CSS 11501's

Can I somehow make the CSS the default gateway for the servers on the LAN?

Any advice would be appreciated and the relevant config can be posted if necessary.

Thanks!

1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

Nick

You can't preserve the client IP's in one-armed. You have to force the traffic to go back to the CSS from the load-balanced servers. If you preserved the client IP's then the servers would send the traffic straight back to the client without going back through the CSS so the CSS doesn't see the full flow.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco