Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE for layer 4 redirection


I've asked a part of this question before, but need further clarifications. Hope some one can help.

We are trying to deploy an ACE to transparently re-direct http traffic to a set of proxy servers, that are also doing some content filtering. following is the expected high level setup.

clients -----[ACE] ---- internet





| | |

[proxy 1] [proxy 2] [proxy 3]

The proxy servers have to go through the ACE again to access the internet. The returning traffic should also go back through the ACE to the same proxy server that catered for the forward traffic. As the proxy does not modify the source IP of the forward traffic (source IP of the packets going to the internet remians to be the actual client IP) , this appears to be a problem. Would you be able to suggest a solution ?

Many thanks

Cisco Employee

Re: ACE for layer 4 redirection

That should not be a problem because the vlans are different and the vlan is part of the flow matching function.

So the response from the internet to the client will come on a different vlan than the response from the proxy to the client.

The vlan being different, ACE is able to distinugish between the 2 flows.


New Member

Re: ACE for layer 4 redirection

hi thanks for the response, but I don't think I understand you fully. when the internet traffic is coming back to the ACE, how do i match that traffic so that those can be sent back to the proxy server farm. And then how do I send that traffic to the same proxy which originated that http request on behalf of the client to the internet. ?

So sorry if I'm missing your point here.


Cisco Employee

Re: ACE for layer 4 redirection

You don't have to worry about the response.

Ace will setup the return flow automatically when the request comes in.


New Member

Re: ACE for layer 4 redirection

yes, but two problems.

1.) Since the return packet from the internet has actual client (not the proxy) IP address as the destination IP, will that traffic go back to the proxy rather than directly to client?

2.) Even if it can be sent back to the proxy server farm, how can I ensure that it will go to the same proxy that originated the http request/etc. ?

Sorry to bother you this much

thanks again