source address and the proxy server

Unanswered Question
May 11th, 2010

We're running ACE SM and have a recurcive config requirement, where a front end VIP would load balance a packet between 2 back-end proxy servers which, it turn, would send the packet to the back-end VIP. We're trying to determine if we need to SNAT the egress packets based on the fact that the proxy servers retain source addresses of the client, as oppose to replacing it with their own.

Does anybody happen to know if proxy servers do infact retain the clients IP addresses or replace them with their own?

thanks..

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
UHansen1976 Tue, 05/11/2010 - 15:17

In my experience, most proxyservers tend to nat the client ip to an common egress address, most often the address of the outgoing proxyinterface and simply apply pat to handle multible sessions.

Weather or not you need to configure src.nat on egress traffic, would depend entirely on your setup. In some cases, src.nat is needed to avoid the possibility of asynchronous routing.

Don't know if this answers your question, but more accuracy would require some more insight into your proxy/ace setup.

hth

/Ulrich

Actions

This Discussion