Cisco ACE One Arm Mode and identifying Source NAT clients

I have been working within an environment where keeping it simple is a good strategy. No matter what strategy, process or good practice you follow, there will always be a “what about?” Interestingly, I came close to one of these with the ACE load balancer running in one-arm mode with source NAT. The following command inserts a custom header into the HTTP request so that the server in question has a means to identify the true source address. Why would you ever need this, you might ask? If so, you're potentially in the wrong job.

# policy-map type loadbalance http first-match WEB_L7_POLICY
# class class-default
# serverfarm www.cheese.com
# insert-http x-forward header-value "%is"
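
On the server, the inserted header should only be believed on connections that arrive from the ACE's source-NAT addresses, because any client can send its own x-forward header. The following Python check is an added example, not part of the original post; the NAT pool 192.0.2.0/28, the sample requests and the function name client_ip are assumptions, and only the header name x-forward comes from the configuration above.

```python
import ipaddress

# Assumption: the source-NAT pool the ACE uses toward the servers (documentation range).
ACE_SNAT_POOL = ipaddress.ip_network("192.0.2.0/28")
HEADER = "x-forward"  # header name from the insert-http line above


def client_ip(peer_addr, headers):
    """Return (ip, source) for one request.

    peer_addr: TCP peer address as seen by the server.
    headers:   list of (name, value) pairs in the order received.
    source:    'header' (trusted header used), 'peer' (no usable header,
               or request did not come via the ACE), 'rejected' (header
               present but ambiguous or malformed; worth logging).
    """
    peer = ipaddress.ip_address(peer_addr)
    # Not from the NAT pool: the header is client-controlled, so ignore it.
    if peer not in ACE_SNAT_POOL:
        return str(peer), "peer"
    values = [v.strip() for n, v in headers if n.lower() == HEADER]
    if not values:
        return str(peer), "peer"
    # More than one copy means the client may have supplied its own; do not guess.
    if len(values) != 1:
        return str(peer), "rejected"
    try:
        return str(ipaddress.ip_address(values[0])), "header"
    except ValueError:
        # Not a single valid IPv4/IPv6 address (for example a comma-separated list).
        return str(peer), "rejected"


# Constructed sample requests: (peer address, headers)
SAMPLES = [
    ("192.0.2.5", [("Host", "www.cheese.com"), ("X-Forward", "203.0.113.44")]),
    ("198.51.100.9", [("Host", "www.cheese.com"), ("x-forward", "10.0.0.1")]),
    ("192.0.2.5", [("x-forward", "10.0.0.1"), ("x-forward", "203.0.113.44")]),
    ("192.0.2.5", [("x-forward", "203.0.113.44, 10.0.0.1")]),
    ("192.0.2.5", [("Host", "www.cheese.com")]),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, "->", client_ip(peer, hdrs))
```

Requests returned as 'rejected' are attributed to the NAT address rather than to the header value, which keeps a forged header out of access logs and IP-based access decisions.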
