cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
374
Views
0
Helpful
1
Replies

ssl-css: ip spoofing vs single tcp connection

apasquino
Level 1
Level 1

Hello Experts,

I have a couple of 11501s-c-k9 that need to loadbalance a webfarm and want to terminate ssl on them. Moreover I would like the webservers to be aware of client ip address.

Can you confirm that the normal behaviour of the CSS would be to spoof the client ip address towards the web servers, after managing ssl termination ?

On the other hand, would it be possible for the CSS to open one single TCP session towards each web server and insert the client ip address in some specific http field ?

Thank you for your cooperation

Andrea

1 Accepted Solution

Accepted Solutions

Gilles Dufour
Cisco Employee
Cisco Employee

yes, by default the CSS spoofs the client ip address when opening a connection to the server.

The feature you want to have a single connection to the server for all clients is called tcp-reuse and it's only available on the ACE module.

The CSS does not have the possibility the insert the ip address in the http header.

Again, this feature is present on the ACE module.

Gilles.

View solution in original post

1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

yes, by default the CSS spoofs the client ip address when opening a connection to the server.

The feature you want to have a single connection to the server for all clients is called tcp-reuse and it's only available on the ACE module.

The CSS does not have the possibility the insert the ip address in the http header.

Again, this feature is present on the ACE module.

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: