Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Cisco Employee

Reccomendation on best method for SCA Deployment ?

We need to migrate from an existing one-armed NON-Transparent Proxy Deployment to one of the following designs in an effort to give us transparency at the server level ( ie see the client ip addresses )

The Choices seem to be as follows :

One-Armed Transparent Proxy


Transparent Local Listen

The second option seems to be the easiest. Any reccomendations ?

Cisco Employee

Re: Reccomendation on best method for SCA Deployment ?

be aware that a router is needed between the client and the CSS.

The reason is that a the CSS requires 2 static route for each subnet that wants to reach the CSS.

1 route points at the router and 1 route points at the SCA - this is because the SCA uses the client ip address.

For locally attached clients, the CSS will always chose the local interface instead of the SCA to forward the response from the server - thus breaking the connections.

So what most people do is have a router in front of the CSS and configure a default route pointing at the router and another default route pointing at the SCA.

One problem with this design [2 static routes] is that connections initiated by the server [ie dns request] could be forwarded to the SCA as well.

The SCA will drop this traffic.

The solution is to configure ACL to tell the CSS to prefer the router for connections initiated by the servers.

These 2 rules applies whatever method you chose above. [personally I don't think one is easier than the other].




Re: Reccomendation on best method for SCA Deployment ?

There is one option that you may want to consider that would not require any network re-work. In newer versions of the accelerator code, there is a setting that will enable the SCA to insert the client IP address into an HTTP header. With a minor change in the webserver log, it can be adjusted to grab the address out of the HTTP header instead of the IP header.

CreatePlease to create content