CSS 11500:Client ip-address visible to the real server
Is it possible to keep the original ip-address of the client when the the css is redirecting the traffic to the real server. customer needs the client ip-address on the real server for reporting.
regards
Dietrich Schleyer
Dietrich,
by default the CSS will keep the original client ip address.
To have the CSS changing the client ip, your customer must have configured a group with 'add destination service'.
Probably because your client is using a one-armed setup which is the easiest to implement but the worst to use.
So, your customer should go to a 2-sides CSS design and have the traffic flow through the CSS without the need to do client nat.
Once the design is correct, you can remove the group and the CSS will keep the client ip address.
Regards,
Gilles.
Thanks for rating.
Similar Messages
-
Duplicate Client IP Address Matching Teamed Adapter on Server
I am experiencing a problem with a client's WLAN and client IP address conflicts.
Basically every wireless client reports a problem that it is having an IP Address conflict with another device on the network (wired).
The device in mention is a Dell Server with Teamed network cards. They have three of them and clients are reporting conflicts with all three.
On investigating further there is no address conflict as the "Teamed Adapter" has a completly different network address (static) and the wireless clients are using the internal WLC DHCP server in a different range. (although it is all one flat network).
The clients report that there is an address conflict, the MAc that it gives is the Teamed Server but the IP address is only its own and not on the Teamed Adapter.
Has anyone seen this before or had a problem with "Teamed Adapters" on servers.
Our environment is:
WLC 4402-50 running 5.2.178
Flat Network.
ThanksHi Roman,
thanks for your reply.
Basically what i have found is that it Servers running Microsoft Windows 2003 or Windows 2000, that have teamed NICs using Broadcom Advanced Server Programs (BASP) in an active/active team, respond to other server's gratuitous ARP packet with an incorrect IP address. The Microsoft Windows server will respond to the other server sending the gratuitous ARP, with the Microsoft Windows server team MAC address, but with the other server's IP address in the sender field of the packet. This causes the other system to respond as if there is a duplicate IP on the network.
Fix is to upgrade to BASP driver version 6.2.32, or newer. This version of the BASP driver was first included with the Broadcom NetXtreme Gigabit Ethernet Software.
An upgrade of the drivers apprently will fix this issue althouh i have tried it on 3 servers with this ocnfiguration and it fixed it for two of them.
The work around is to disable the active/active NIC team and use an active/standby team instead.
Someone else on this forum must of come across this before i am sure?
Anyway if it does resolve the issue i will post it back here so that anyone else in the future with this problem has a resolution!!
thanks -
ACE 4710 Probes on other servers than the real server
Hi,
I wanted to know if there is a means to configure a probe that is independent of the real servers.
The aim is to configure a probe a real server but also probe another intermediate server which is not in the server farm.
The objective is to declare the real server down if its probe fails but also the probe to an intermediate server fails as well as a or condition.
From the document, there is no mention of it.
But is there a means to do it.
Thanks.Hi Ashley,
i see it is not mentioned anywhere in document but i think ou should be able to bind two probes with real server of which one probe is actually probing another server.
I would configure one probe let's say TCP based and bind it with serverfarm. Then i would configure another probe TCP based and define IP address in that probe (the other server IP which we need to probe) and bind this probe with same serverfarm. Serverfarm will not have this rserver added. And then i would configure "fail-on-all" and test if that works for you.
i know you can set probe on redirect server/serverfarm which actually probes another real server so logically should work for normal host rserver as well. But i have never tested it myself.
Regards,
Kanwal -
Leopard clients periodically lost connection with the AD Server
Hi everyone and, first of all, sorry for my poor english.
I manage a network of Apple computers, connected to an Active Directory server on a Windows 2003. No exotic configurations, Apple clients only use the AD as a login server.
Everything works fine, except for a strange issue that happens sometimes (these days too often, by the way) on the Apple clients: login failed, and the only thing I found to fix this issue is to re-join the computer to the AD server.
When the problem occurs, this is the output of "ls -l /Users":
drwxrwxrwt 7 root wheel 238B Mar 1 2011 Shared
drwxr-xr-x+ 16 2007941056 1918399388 544B May 9 2011 e.valeri
As you can see, UID and GID are not matched with the real Username and GroupName, which are in the AD server.
I am not an Apple expert but I'm a Linux System Administrator, so it is not a problem for me to search in the logs with the command line but, at the moment, I didn't find any clues.
Can you help me?
Thanks in advanceHi I.Golovan,
I'm sorry to hear you are having Mail issues on your MacBook Pro. If the disconnect issue to your Mac Mini mail server is intermittent but persistent, you may want to wait until it disconnects, then try running Connection Doctor to see what it returns about the connection, as outlined below:
Mail (Yosemite): Use Connection Doctor
Regards,
- Brenden -
System went down after this message Client is not known to the mess server
Hi Guru's,
I am running 4.6c on Ora 8i, Windows 2000 Server. We have 1 application server. The central instance and DB is on same host.
<b>Initially i got following error message 2 times in the system log reading:-</b>
No free memory available in class PERM . Memory block ID "abtsv2", 958955044 bytes
<b>After above message I got an information message Continuously 30 minutes in the system log reading:-</b>
Client cinsapp1_PRI_00 is not known to the message serve
<b>Then stoped the workproccess one by one</b>
Stop Workproc 5, PID 4800
Stop Workproc13, PID 4468
Stop Workproc18, PID 4508
Stop Workproc11, PID 4452
Stop Workproc14, PID 4476
Stop Workproc12, PID 4460
Stop Workproc17, PID 4500
Stop Workproc24, PID 4560
Stop Workproc23, PID 4552
Stop Workproc25, PID 4576
Stop Workproc10, PID 4444
Stop Workproc16, PID 4492
Operating system call recv failed (error no. 10054)
Operating system call WSASend failed (error no. 10053)
<b>Finally R/3 system was stoped.</b>
Please let me know the process how to check the trace for this problem. If any body got same problem please suggest me how can i resolve this problem.
Thanks in advance,
RameshHi Experts,
How you fixed this issue, Please share with us.
because i am also facing the same problem in one of our SAP server.
Thanks & regards,
Pandiyan -
Display name of shared calendar in Outlook clients after name change on the Exchange Server
I have changed the name of a conference room resource calendar on the Exchange server but the name change is not being reflected in the end user's Outlook clients. I tested a remove/re-add and that worked but I cannot have everyone in the company do this.
Is there anyway to force the change down to the Outlook clients?I don't know for sure, but if this is the case, then it's highly likely that the GUID is used by the client after its first view of the calendar. From that point on, it appears it doesn't "revisit" the directory for updated names.
We'd need Outlook team feedback for confirmation. -
Client version is different on the primary server and workstations
Hi Guys,
I have a quick question.
What is the impact if the client version on the workstations are higher than the primary site version?
In our environment, some of the machines client got updated to 5.00.7804.1300. But our primary site server version is 5.00.7804.1000.
Thanks in advance.Well, if the same major version, being SP1 or R2, then generally OK. However, between major versions, you are not supported having a higher client version (for example R2) reporting to a lower version (for example SP1).
Even within a site, with the same higher version, there should be no way to get clients installed at a higher CU than the site server. Of course, if the site server is a client, then it could be R2 CU1, and other clients being R2 CU2. But R2 CU2 would still
be installed on the site server, maybe just not the client on the site server.
And I believe as of CU2 of R2, they are not updating the Help About version to reflect CU release so that will help.
Wally Mead -
Client is not known to the message server
Hi,
I've search SAP Notes but could not find any answer to my problem. I am running 4.7 (620) on Ora 9i, Windows 2000 Advanced Server and kernel 155. We have 2 application servers and one DB server.
I get an error message every 5 minutes in the system log reading:-
Client PRD01PRD_00 is not known to the message server
Client PRD02PRD_00 is not known to the message server
This message translates in dev_w0 as follows:-
ERROR => ThCheckReqInfo: message send/receive failed [thxxhead.c 16132]
ERROR => ThSysAdmMsg: ThAdmSend [thxxab.c 6903]
Please advise on a solution.Dear Ferrandi,
this is an attempt to send an ADM message to a given instance. The problem is that the message server is not aware of such an instance. If you say that this happens every 5 minutes, it will be some kind of automatic job trying to speak to an instance not available in the system. I would suggest that you reset the trace files, then switch the trace level of the first three dialog work processes to 2 (components taskhandler, abap proc., and scrn. proc.) and then set the profile parameters
rdisp/TRACE_LOGGING = on, 10m
rdisp/TRACE_PATTERN_0 = ERROR => ThSysAdmMesg: ThAdmSend
so that tracing will stop as soon as the problem happens again. Do post the work process trace file that has the error message here or send it via mail to me so that I can check which report is being run.
Best Regards,
Tim -
How to get rid of the message Client submission probe stuck in the Exchange Server Queue?
We have Exchange 2013 in Hybrid with Office 365.
How to get rid of the message in the Exchange Server Queue?
Mounting the database fixed it.
Thanks!!!Mounting the database fixed it.
-
How can I change the real server convergence timer in LD ?
I have LD416(3.1.4) and configured 1*VIP and 2*Real server. looks it takes about 30 seconds to switching to the other real server when one of failure.
Q) How can I reduce the the convergence time?
Thanks,I am not sure , but check with by configure the DELAY command and see if that helps resolve this.For related information on timers, could you refer the below URL :
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75d.html -
Inserting Cookie to the real server
Hi ,
I have a requirement , i have no clue how far it is possible to implement.
I need to insert a cookie ( specifc value) to the real servers while doing the stickiness..
means stickiness is based on the insertion of cookie , i need it as follows
If the requesting is serving to SERVER1 then it should pass a cookie value SRV1 with that request , if SERVER2 and then cookie value SRV2 should be inserted and so on and so forth.
Is this practically possible.
I have done insertion of HTTP cookie using ACE but this kind of request i have never achieved. Is it possible to do it in ACE?
-ParveesTo me the definite answer is no. I'm not even sure you could do it with another product.
Usually we don't play with cookies but fields of HTTP headers instead. But on the ACE (and most load balancers) you'll find the same or close behavior. -
Mac client bc addresses visible to recipients
We're using the Mac client, v8.0.2HP4, and attempting to send messages where the bc field contains a group with internal and external addresses as well as nested groups of external addresses. The message is sent, but here are the problems we're seeing:
1. Internal recipients to whom the message is bc'd can click the "Properties" tab and see listed all the bc addressees.
2. External recipients to whom the message is bc'd see the entire collection of bc'd addressees in the to: field if their received message.
The same message and addressee setup works correctly when sent from the Windows GW 8.0.3 (build 108711) client.
Anyone seen anything like this?janthenat wrote:
> We've confirmed that the same problem occurs using a separate known clean GW
> install. It does, in fact, appear to be the client but hoping to find a way
> to work around it.
Unfortunately, I don't know of any way to work around this.
Danita
Novell Knowledge Partner
Are you a GroupWise Power Administrator? Join our site.
http://www.caledonia.net/register
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below... -
What is the appropriate product name for CSS 11500 on Bug Toolkit
Today I tried to search DDTs of CSS 11500 on Bug Toolkit (http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl), however I can not find out appropriate product name corresponding to CSS 11500.
Before I had searched DDTs of CSS 11500 on Bug Toolkit many times, at that time, if my memory correct..
I selected "Cisco CSS 11500 Series Content Services Switches" in the list of "Search for bugs in other Cisco software and hardware products" on Bug Toolkit.
But I can not find this product name today.
Do you know what product name appropriate for CSS 11500 on Bug Toolkit ?
Your information would be appreciated.
Best regards,Hi Gilles,
Thank you for your cooperation.
Today, I can find the CSS at "new Bug Toolkit".
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
Select Product Category: Application Networking Services
Select Product: Cisco CSS 11000 Series Content Services
So I understand I should go "new Bug Toolkit" instead of old "Bug Toolkit" to
search any DDTs for CSS 11500.
Many thanks.
Best regards, -
How do I get list of client IP Addresses using new Airport Utility v6.3?
I have purchased and Airport Time Capsule 3TB (newest model). Previous models were still compatible with Airport Utility 5.6 and I could use "manual" mode to get a list of client IP addresses attached to the device. The new Airport Time Capsule is only compatible with Airport Utility 6.3 and I cannot figure out how to get a list of client IP addresses with this new model. Does anyone know how to do this?
Try a ping broadcast - for example if your network were 192.168.1.xxx (netmask of 255.255.255.0) try this from a Termnal.app window (located in /Applications/Utilities):
ping 192.168.1.255
If you have a different type netmask, you need to put 255's where the 0's are in your netmask.
Everyone on the local network (the 192.168.1.xxx network) should reply that is up and running unless you have them setup to not respond to pings (the WAN port on your TC should not reply cause it's in a different network) and you have your list of clients on the network. If you setup the TC to dedicate a range of addresses for WiFi clients you can even identify which of them are wired and which are wireless.
good luck. -
How can I preserve Client IP address?
I am configuring the ACE for bridged mode. However, the real server is seeing VIP IP but not Client IPs. Our business requires that the real server must see client IPs. Do you have any idea how to set that up?
I tried to turn ON/OFF normalization but it is still not working.
Thanks,
Vincent
==============================
Here is my configuration:
rserver host 192.168.71.71
ip address 192.168.71.71
inservice
serverfarm host WEB_FARM
failaction purge
probe ICMP
rserver 192.168.71.71
inservice
access-list PERMIT-BPDU ethertype permit bpdu
access-list ALL line 8 extended permit ip any any
sticky ip-netmask 255.255.255.255 address source WEB_FARM_Sticky
timeout 180
replicate sticky
serverfarm WEB_FARM
class-map match-all WEB_FARM_VIP
2 match virtual-address 192.168.71.154 tcp eq 80
class-map type management match-any remote_access
2 match protocol xml-https any
4 match protocol icmp any
5 match protocol telnet any
6 match protocol ssh any
7 match protocol http any
8 match protocol https any
9 match protocol snmp any
policy-map type loadbalance first-match WEB_FARM_Policy
class class-default
sticky-serverfarm WEB_FARM_Sticky
policy-map multi-match WEB_VIPS
class WEB_FARM_VIP
loadbalance vip inservice
loadbalance policy WEB_FARM_Policy
loadbalance vip icmp-reply active
nat dynamic 6 vlan 31
nat dynamic 5 vlan 21
interface vlan 21
description Client VLAN
bridge-group 171
no normalization
mac-sticky enable
access-group input PERMIT-BPDU
access-group input ALL
service-policy input WEB_VIPS
nat-pool 5 192.168.71.154 192.168.71.154 netmask 255.255.255.255 pat
interface vlan 31
description Server VLAN
bridge-group 171
no normalization
mac-sticky enable
access-group input PERMIT-BPDU
access-group input ALL
service-policy input WEB_VIPS
nat-pool 6 192.168.71.154 192.168.71.154 netmask 255.255.255.255 pat
no shutdown
interface bvi 171
ip address 192.168.71.3 255.255.255.0
no shutdownDo you have a default route on the ACE and the rservers? Are they all pointing to the same IP? I have the same configuration. An ACE 4710 in transparent mode, but I have no NATing and my rservers are able to see the original client IPs (security requirement).
Here is part of my config for one serverfarm
rserver host RS_MIDTIER_220
description
ip address 172.31.0.131
inservice
rserver host RS_MIDTIER_221
description
ip address 172.31.0.132
inservice
rserver host RS_MIDTIER_222
description
ip address 172.31.0.133
inservice
rserver redirect RS_SSL_Redirects
webhost-redirection https://%h/%p 301
inservice
action-list type modify http SSL_URL_REWRITE
ssl url rewrite location ".*"
serverfarm redirect SF_SSL_Redirects
predictor leastconns
rserver RS_SSL_Redirects
inservice
serverfarm host SF_Midtier_Prod
description Midtier Production
predictor leastconns
probe APACHE
probe ICMP
rserver RS_MIDTIER_220 80
inservice
rserver RS_MIDTIER_221 80
inservice
rserver RS_MIDTIER_222 80
inservice
ssl-proxy service SSL_PSERVICE_MIDTIER_PROD
key
cert
chaingroup EntrustChainGroup
sticky http-cookie JSESSIONID Sticky_Jsession_Cookie_Midtier_Prod
timeout 90
serverfarm SF_Midtier_Prod
class-map type management match-any REMOTE_MGT_ACCESS
description remote access traffic match
2 match protocol ssh source-address
4 match protocol https source-address
5 match protocol snmp source-address
class-map match-any VS_Midtier_Prod_L3SLB
description Midtier Prod IPs
2 match virtual-address 172.31.0.46 tcp eq https
3 match virtual-address 172.31.0.47 tcp eq https
class-map match-any VS_SSL_Redirects
description Redirects any http VIPS to https
5 match virtual-address 172.31.0.46 tcp eq www
6 match virtual-address 172.31.0.47 tcp eq www
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_MGT_ACCESS
permit
policy-map type loadbalance http first-match Midtier_Prod_L4SLB
class class-default
sticky-serverfarm Sticky_Jsession_Cookie_Midtier_Prod
action SSL_URL_REWRITE
policy-map type loadbalance first-match SSL_Redirect_L4SLB
class class-default
serverfarm SF_SSL_Redirects
policy-map multi-match Farm_VIPS
class VS_SSL_Redirects
loadbalance vip inservice
loadbalance policy SSL_Redirect_L4SLB
class VS_Midtier_Prod_L3SLB
loadbalance vip inservice
loadbalance policy Midtier_Prod_L4SLB
loadbalance vip icmp-reply active
ssl-proxy server SSL_PSERVICE_MIDTIER_PROD
interface vlan 100
description DMZ ACE frontside
bridge-group 1
access-group input BPDUALLOW
access-group input ALL
service-policy input REMOTE_MGMT_ALLOW_POLICY
service-policy input Farm_VIPS
no shutdown
interface vlan 110
description DMZ ACE backside
bridge-group 1
access-group input BPDUALLOW
access-group input ALL
no shutdown
interface bvi 1
ip address 172.31.0.150 255.255.255.0
no shutdown
rserver redirect RS_SSL_Redirects
webhost-redirection https://%h/%p
301
inservice
domain
ip route 0.0.0.0 0.0.0.0 172.31.0.1
Maybe you are looking for
-
I have searched the forums and haven't found the answer to make this work: I install 7.5 and it's other parts.... quicktime and the updaters, i try to launch it and vista says it has in countered a problem with items and shuts down, i have tried to c
-
Product graphic for used input
Hi, I am looking for suggestions/direction on the following. We test cards, any amount 1 to 8, which are placed into slots within a single test chassis. We need to get information of each card in turn in the chassis. What we would like to do is to di
-
Cursor disappears OS X Mountain Lion Server
After the upgrade to OS X Lion on OS X Mountain Lion began disappearing cursor after resuming from sleep. Upgrade to version 10.8.1 has not helped.
-
Hi friends Is there any way that i could get this done (please see below) For a plant, if any of the BOM has undergone changes. It needs to be captured and mail sent to a user .The list to be sent on daily basis thro mail Please help with your input
-
2nd hand iPhone 4s IOS 7 problem !
I bought my 2nd hand iPhone 4s at last years , yersterday 3/12/2013 i upgrade my phone 7.0.1 ver to 7.0.4 ver . When i finish the upgrade , my iPhone change to before 1st user Apple ID . I have find & seen apple support and i cant find back 1st user