New Member

How to see the Source IP Address of a client using ACE One-armed-mode to load balance HTTP proxy request

I'm using an ACE 4710 Appliance deployed in one-armed mode, using source NAT to load-balance HTTP requests to a couple of proxy servers.

Everything is working fine, but the thing is that I can't see the clients' IP addresses in the proxies' logs, so I can't keep track of them.

The interface and NAT configs are:

interface vlan 200
  description Server-Side-VLAN
  bridge-group 5
  nat-pool 5 10.1.1.5 10.1.1.5 netmask 255.255.255.0 pat
  service-policy input VIPS
interface vlan 300
  description Client-Side-VLAN
  bridge-group 5
interface bvi 5
  ip address 10.1.1.3 255.255.248.0
  description Client-Server-Virtual-Interface
ip route 0.0.0.0 0.0.0.0 10.1.1.1

And the policy map looks like this:

policy-map multi-match VIPS
  class Port80
    loadbalance vip inservice
    loadbalance policy Port80
    nat dynamic 5 vlan 200

Resource assignment:

sticky ip-netmask 255.255.255.255 address both RESOURCE-CLASS
  timeout 5
  serverfarm Service80

Any suggestions will be appreciated,

Thanks

Cisco Employee

Re: How to see the Source IP Address of a client using ACE One-a

Hi,

You can use X-Forwarded-For to insert the client IP address in the HTTP header. Have a look at the link below:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3041.shtml

Let me know if you have any questions.

Regards,
Kanwal

Sent from Cisco Technical Support iPhone App

New Member

How to see the Source IP Address of a client using ACE One-armed

Hi Kanwal,

Thanks for your quick reply,

I've already tried this but it didn't work. The problem is that I don't manage the proxy servers so I rely on their skills to see the logs.

The Proxies are Squid. Do you know if they need to do something else on the servers to see that field of the HTTP header?

But I'll try again tomorrow and let you know how it goes.

Thank you again.

Cisco Employee

How to see the Source IP Address of a client using ACE One-armed

Hi Josh,

I don't know what to do on the servers, but that's the way you can make ACE insert the source IP, and even additional information like the port, in the HTTP header, and it works. You can check with the server team what exactly they are looking for, and we can see if we can do that.

You can also share the configuration you tried that didn't work.

Did you check in pcaps whether ACE inserted X-Forwarded-For or not?

Regards,

Kanwal

New Member

How to see the Source IP Address of a client using ACE One-armed

Hi Kanwal, sorry for the late answer!

I had a typo in the policy that inserts the X-Forwarded-For field at the ACE.

In Squid we set the logs to show the X-Forwarded-For field and remove it, to keep our private IP addresses out of the headers of packets heading to the Internet.

Thanks for your answer and sorry again for the delay!
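
As an added example (not from the thread or from Cisco or Squid documentation), this Python sketch shows the two checks the final setup relies on: accept X-Forwarded-For for logging only when the TCP peer is the ACE source-NAT address from the posted `nat-pool` line, and drop the header before the request leaves for the Internet. The function names are hypothetical, and it assumes the value inserted by the ACE is the last one in the header chain, so anything a client supplied itself sits to the left of it.

```python
import ipaddress

# Assumption: the proxies only ever see load-balanced traffic from the
# SNAT pool address in the posted config (nat-pool 5 10.1.1.5 ...).
TRUSTED_PEERS = {ipaddress.ip_address("10.1.1.5")}


def client_ip(peer, xff_values):
    """Return the address to record in the proxy log for one request.

    peer       -- TCP source address the proxy saw
    xff_values -- every X-Forwarded-For header value on the request, in order
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PEERS:
        # The header did not come through the load balancer: ignore it,
        # otherwise any client could choose the address that gets logged.
        return str(peer_ip)
    # Flatten repeated headers and comma-separated lists into one hop chain.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk from the right: the last entry was added by the nearest hop.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the chain
        if ip not in TRUSTED_PEERS:
            return str(ip)
    # No usable entry (header missing or garbled): fall back to the peer.
    return str(peer_ip)


def strip_for_egress(headers):
    """Remove X-Forwarded-For so internal addresses do not leave the site."""
    return [(k, v) for k, v in headers if k.lower() != "x-forwarded-for"]
```

A log line that shows 10.1.1.5 as the client after this logic means the ACE did not insert the header, which is the same condition the pcap check in the reply above would reveal.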
