Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

how to configure to let local server log the clients ip address?

I have CSS11506 on version 08.10.2.05.

currently I have moved backend servers subnet to frontend (same side as clients and internet).

and configured my css11506 as:

service local-server

ip address 10.1.1.11

protocol tcp

port 80

keepalive type tcp

keepalive port 80

content vip

vip address 10.1.2.110

balance leastconn

protocol tcp

port 80

url "/*"

add service local-server

active

group julie-test-group

vip address 137.154.154.251

add destination service local-server

active

It works great, but, there is a problem with local server log. there is only vip be logged as requist, but actually client.

Would any one advice me if I can corrent this problem? If so, how to?

Any comments will be appreciated

Thanks in advance

4 REPLIES
Cisco Employee

Re: how to configure to let local server log the clients ip addr

there is no way as soon as you configure a group to save the client ip address.

If this info is important for you, you will need to review your design to avoid the use of a group.

This requires to have the servers behind the CSS or the use of policy routing to intercep server traffic and direct it to the CSS.

Gilles.

New Member

Re: how to configure to let local server log the clients ip addr

Great thanks for replies.

Could you please advice me how do I do to using policy routing to intercep server traffic and direct it to the CSS?

I have not quite understand how to do it?

Many Regards

New Member

Re: how to configure to let local server log the clients ip addr

Julxu,

I was posed with this problem as well, the only way to do it is to make the server subnet routable through the CSS and remove the group.

rich

Bronze

Re: how to configure to let local server log the clients ip addr

You can avoid source group by setting the server default gateway to be the CSS.

This way when configured, if there is any 'direct' traffic targeted to the Servers, you will in trouble as the return traffic from the server would use the server's default gateway (because of remote/alien subnet it is trying to reach) and the CSS. Connection will break here.

To avoid this you can set a static route on the router forcing the traffic through the CSS, or else as Gilles suggested, use policy routing on the Router.

thanks

116
Views
5
Helpful
4
Replies
CreatePlease to create content