CSS 11500:Client ip-address visible to the real server

Is it possible to keep the original ip-address of the client when the the css is redirecting the traffic to the real server. customer needs the client ip-address on the real server for reporting.
regards
Dietrich Schleyer

Dietrich,
by default the CSS will keep the original client ip address.
To have the CSS changing the client ip, your customer must have configured a group with 'add destination service'.
Probably because your client is using a one-armed setup which is the easiest to implement but the worst to use.
So, your customer should go to a 2-sides CSS design and have the traffic flow through the CSS without the need to do client nat.
Once the design is correct, you can remove the group and the CSS will keep the client ip address.
Regards,
Gilles.
Thanks for rating.

Similar Messages

  • Duplicate Client IP Address Matching Teamed Adapter on Server

    I am experiencing a problem with a client's WLAN and client IP address conflicts.
    Basically every wireless client reports a problem that it is having an IP Address conflict with another device on the network (wired).
    The device in mention is a Dell Server with Teamed network cards. They have three of them and clients are reporting conflicts with all three.
    On investigating further there is no address conflict as the "Teamed Adapter" has a completly different network address (static) and the wireless clients are using the internal WLC DHCP server in a different range. (although it is all one flat network).
    The clients report that there is an address conflict, the MAc that it gives is the Teamed Server but the IP address is only its own and not on the Teamed Adapter.
    Has anyone seen this before or had a problem with "Teamed Adapters" on servers.
    Our environment is:
    WLC 4402-50 running 5.2.178
    Flat Network.
    Thanks

    Hi Roman,
    thanks for your reply.
    Basically what i have found is that it Servers running Microsoft Windows 2003 or Windows 2000, that have teamed NICs using Broadcom Advanced Server Programs (BASP) in an active/active team, respond to other server's gratuitous ARP packet with an incorrect IP address. The Microsoft Windows server will respond to the other server sending the gratuitous ARP, with the Microsoft Windows server team MAC address, but with the other server's IP address in the sender field of the packet. This causes the other system to respond as if there is a duplicate IP on the network.
    Fix is to upgrade to BASP driver version 6.2.32, or newer. This version of the BASP driver was first included with the Broadcom NetXtreme Gigabit Ethernet Software.
    An upgrade of the drivers apprently will fix this issue althouh i have tried it on 3 servers with this ocnfiguration and it fixed it for two of them.
    The work around is to disable the active/active NIC team and use an active/standby team instead.
    Someone else on this forum must of come across this before i am sure?
    Anyway if it does resolve the issue i will post it back here so that anyone else in the future with this problem has a resolution!!
    thanks

  • ACE 4710 Probes on other servers than the real server

    Hi,
    I wanted to know if there is a means to configure a probe that is independent of the real servers.
    The aim is to configure a probe a real server but also probe another intermediate server which is not in the server farm.
    The objective is to declare the real server down if its probe fails but also the probe to an intermediate server fails as well as a or condition.
    From the document, there is no mention of it.
    But is there a means to do it.
    Thanks.

    Hi Ashley,
    i see it is not mentioned anywhere in document but i think ou should be able to bind two probes with real server of which one probe is actually probing another server.
    I would configure one probe let's say TCP based and bind it with serverfarm. Then i would configure another probe TCP based and define IP address in that probe (the other server IP which we need to probe) and bind this probe with same serverfarm. Serverfarm will not have this rserver added. And then i would configure "fail-on-all" and test if that works for you.
    i know you can set probe on redirect server/serverfarm which actually probes another real server so logically should work for normal host rserver as well. But i have never tested it myself.
    Regards,
    Kanwal

  • Leopard clients periodically lost connection with the AD Server

    Hi everyone and, first of all, sorry for my poor english.
    I manage a network of Apple computers, connected to an Active Directory server on a Windows 2003. No exotic configurations, Apple clients only use the AD as a login server.
    Everything works fine, except for a strange issue that happens sometimes (these days too often, by the way) on the Apple clients: login failed, and the only thing I found to fix this issue is to re-join the computer to the AD server.
    When the problem occurs, this is the output of "ls -l /Users":
    drwxrwxrwt   7 root         wheel        238B Mar  1  2011 Shared
    drwxr-xr-x+ 16 2007941056   1918399388   544B May  9  2011 e.valeri
    As you can see, UID and GID are not matched with the real Username and GroupName, which are in the AD server.
    I am not an Apple expert but I'm a Linux System Administrator, so it is not a problem for me to search in the logs with the command line but, at the moment, I didn't find any clues.
    Can you help me?
    Thanks in advance

    Hi I.Golovan,
    I'm sorry to hear you are having Mail issues on your MacBook Pro. If the disconnect issue to your Mac Mini mail server is intermittent but persistent, you may want to wait until it disconnects, then try running Connection Doctor to see what it returns about the connection, as outlined below:
    Mail (Yosemite): Use Connection Doctor
    Regards,
    - Brenden

  • System went down after this message Client is not known to the mess server

    Hi Guru's,
    I am running 4.6c on Ora 8i, Windows 2000 Server. We have 1 application server. The central instance and DB is on same host.
    <b>Initially i got following error message 2 times in the system log reading:-</b>
    No free memory available in class PERM . Memory block ID "abtsv2", 958955044 bytes
    <b>After above message I got an information message Continuously 30 minutes in the system log reading:-</b>
    Client cinsapp1_PRI_00 is not known to the message serve
    <b>Then stoped the workproccess one by one</b>
    Stop Workproc 5, PID 4800
    Stop Workproc13, PID 4468
    Stop Workproc18, PID 4508
    Stop Workproc11, PID 4452
    Stop Workproc14, PID 4476
    Stop Workproc12, PID 4460
    Stop Workproc17, PID 4500
    Stop Workproc24, PID 4560
    Stop Workproc23, PID 4552
    Stop Workproc25, PID 4576
    Stop Workproc10, PID 4444
    Stop Workproc16, PID 4492
    Operating system call recv failed (error no. 10054)
    Operating system call WSASend failed (error no. 10053)
    <b>Finally R/3 system was stoped.</b>
    Please let me know the process how to check the trace for this problem. If any body got same problem please suggest me how can i resolve this problem.
    Thanks in advance,
    Ramesh

    Hi Experts,
    How you fixed this issue, Please share with us.
    because i am also facing the same problem in one of our SAP server.
    Thanks & regards,
    Pandiyan

  • Display name of shared calendar in Outlook clients after name change on the Exchange Server

    I have changed the name of a conference room resource calendar on the Exchange server but the name change is not being reflected in the end user's Outlook clients. I tested a remove/re-add and that worked but I cannot have everyone in the company do this.
    Is there anyway to force the change down to the Outlook clients?

    I don't know for sure, but if this is the case, then it's highly likely that the GUID is used by the client after its first view of the calendar.  From that point on, it appears it doesn't "revisit" the directory for updated names. 
    We'd need Outlook team feedback for confirmation.

  • Client version is different on the primary server and workstations

    Hi Guys,
    I have a quick question.
    What is the impact if the client version on the workstations are higher than the primary site version?
    In our environment, some of the machines client got updated to 5.00.7804.1300. But our primary site server version is 5.00.7804.1000.
    Thanks in advance.

    Well, if the same major version, being SP1 or R2, then generally OK. However, between major versions, you are not supported having a higher client version (for example R2) reporting to a lower version (for example SP1).
    Even within a site, with the same higher version, there should be no way to get clients installed at a higher CU than the site server. Of course, if the site server is a client, then it could be R2 CU1, and other clients being R2 CU2. But R2 CU2 would still
    be installed on the site server, maybe just not the client on the site server.
    And I believe as of CU2 of R2, they are not updating the Help About version to reflect CU release so that will help.
    Wally Mead

  • Client is not known to the message server

    Hi,
    I've search SAP Notes but could not find any answer to my problem. I am running 4.7 (620) on Ora 9i, Windows 2000 Advanced Server and kernel 155. We have 2 application servers and one DB server.
    I get an error message every 5 minutes in the system log reading:-
    Client PRD01PRD_00 is not known to the message server
    Client PRD02PRD_00 is not known to the message server
    This message translates in dev_w0 as follows:-
    ERROR => ThCheckReqInfo: message send/receive failed [thxxhead.c 16132]
    ERROR => ThSysAdmMsg: ThAdmSend [thxxab.c   6903]
    Please advise on a solution.

    Dear Ferrandi,
    this is an attempt to send an ADM message to a given instance. The problem is that the message server is not aware of such an instance. If you say that this happens every 5 minutes, it will be some kind of automatic job trying to speak to an instance not available in the system. I would suggest that you reset the trace files, then switch the trace level of the first three dialog work processes to 2 (components taskhandler, abap proc., and scrn. proc.) and then set the profile parameters
    rdisp/TRACE_LOGGING = on, 10m
    rdisp/TRACE_PATTERN_0 = ERROR => ThSysAdmMesg: ThAdmSend
    so that tracing will stop as soon as the problem happens again. Do post the work process trace file that has the error message here or send it via mail to me so that I can check which report is being run.
    Best Regards,
    Tim

  • How to get rid of the message Client submission probe stuck in the Exchange Server Queue?

    We have Exchange 2013 in Hybrid with Office 365.
    How to get rid of the message in the Exchange Server Queue?
    Mounting the database fixed it.
    Thanks!!!

    Mounting the database fixed it.

  • How can I change the real server convergence timer in LD ?

    I have LD416(3.1.4) and configured 1*VIP and 2*Real server. looks it takes about 30 seconds to switching to the other real server when one of failure.
    Q) How can I reduce the the convergence time?
    Thanks,

    I am not sure , but check with by configure the DELAY command and see if that helps resolve this.For related information on timers, could you refer the below URL :
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75d.html

  • Inserting Cookie to the real server

    Hi ,
    I have a requirement , i have no clue how far it is possible to implement.
    I need to insert a cookie ( specifc value) to the real servers while doing the stickiness..
    means stickiness is based on the insertion of cookie , i need it as follows
    If the requesting is serving to SERVER1 then it should pass a cookie value SRV1 with that request , if SERVER2 and then cookie value SRV2 should be inserted and so on and so forth.
    Is this practically possible.
    I have done insertion of HTTP cookie using ACE but this kind of request i have never achieved. Is it possible to do it in ACE?
    -Parvees

    To me the definite answer is no. I'm not even sure you could do it with another product.
    Usually we don't play with cookies but fields of HTTP headers instead. But on the ACE (and most load balancers) you'll find the same or close behavior.

  • Mac client bc addresses visible to recipients

    We're using the Mac client, v8.0.2HP4, and attempting to send messages where the bc field contains a group with internal and external addresses as well as nested groups of external addresses. The message is sent, but here are the problems we're seeing:
    1. Internal recipients to whom the message is bc'd can click the "Properties" tab and see listed all the bc addressees.
    2. External recipients to whom the message is bc'd see the entire collection of bc'd addressees in the to: field if their received message.
    The same message and addressee setup works correctly when sent from the Windows GW 8.0.3 (build 108711) client.
    Anyone seen anything like this?

    janthenat wrote:
    > We've confirmed that the same problem occurs using a separate known clean GW
    > install. It does, in fact, appear to be the client but hoping to find a way
    > to work around it.
    Unfortunately, I don't know of any way to work around this.
    Danita
    Novell Knowledge Partner
    Are you a GroupWise Power Administrator? Join our site.
    http://www.caledonia.net/register
    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  • What is the appropriate product name for CSS 11500 on Bug Toolkit

    Today I tried to search DDTs of CSS 11500 on Bug Toolkit (http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl), however I can not find out appropriate product name corresponding to CSS 11500.
    Before I had searched DDTs of CSS 11500 on Bug Toolkit many times, at that time, if my memory correct..
    I selected "Cisco CSS 11500 Series Content Services Switches" in the list of "Search for bugs in other Cisco software and hardware products" on Bug Toolkit.
    But I can not find this product name today.
    Do you know what product name appropriate for CSS 11500 on Bug Toolkit ?
    Your information would be appreciated.
    Best regards,

    Hi Gilles,
    Thank you for your cooperation.
    Today, I can find the CSS at "new Bug Toolkit".
    http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    Select Product Category: Application Networking Services
    Select Product: Cisco CSS 11000 Series Content Services
    So I understand I should go "new Bug Toolkit" instead of old "Bug Toolkit" to
    search any DDTs for CSS 11500.
    Many thanks.
    Best regards,

  • How do I get list of client IP Addresses using new Airport Utility v6.3?

    I have purchased and Airport Time Capsule 3TB (newest model).  Previous models were still compatible with Airport Utility 5.6 and I could use "manual" mode to get a list of client IP addresses attached to the device.  The new Airport Time Capsule is only compatible with Airport Utility 6.3 and I cannot figure out how to get a list of client IP addresses with this new model. Does anyone know how to do this?

    Try a ping broadcast - for example if your network were 192.168.1.xxx (netmask of 255.255.255.0) try this from a Termnal.app window (located in /Applications/Utilities):
         ping 192.168.1.255
    If you have a different type netmask, you need to put 255's where the 0's are in your netmask.
    Everyone on the local network (the 192.168.1.xxx network) should reply that is up and running unless you have them setup to not respond to pings (the WAN port on your TC should not reply cause it's in a different network) and you have your list of clients on the network. If you setup the TC to dedicate a range of addresses for WiFi clients you can even identify which of them are wired and which are wireless.
    good luck.

  • How can I preserve Client IP address?

    I am configuring the ACE for bridged mode. However, the real server is seeing VIP IP but not Client IPs. Our business requires that the real server must see client IPs. Do you have any idea how to set that up?
    I tried to turn ON/OFF normalization but it is still not working.
    Thanks,
    Vincent
    ==============================
    Here is my configuration:
    rserver host 192.168.71.71
      ip address 192.168.71.71
      inservice
    serverfarm host WEB_FARM
      failaction purge
      probe ICMP
      rserver 192.168.71.71
        inservice
    access-list PERMIT-BPDU ethertype permit bpdu
    access-list ALL line 8 extended permit ip any any
    sticky ip-netmask 255.255.255.255 address source WEB_FARM_Sticky
      timeout 180
      replicate sticky
      serverfarm WEB_FARM
    class-map match-all WEB_FARM_VIP
      2 match virtual-address 192.168.71.154 tcp eq 80
    class-map type management match-any remote_access
      2 match protocol xml-https any
      4 match protocol icmp any
      5 match protocol telnet any
      6 match protocol ssh any
      7 match protocol http any
      8 match protocol https any
      9 match protocol snmp any
    policy-map type loadbalance first-match WEB_FARM_Policy
      class class-default
        sticky-serverfarm WEB_FARM_Sticky
    policy-map multi-match WEB_VIPS
      class WEB_FARM_VIP
        loadbalance vip inservice
        loadbalance policy WEB_FARM_Policy
        loadbalance vip icmp-reply active
        nat dynamic 6 vlan 31
        nat dynamic 5 vlan 21
    interface vlan 21
      description Client VLAN
      bridge-group 171
      no normalization
      mac-sticky enable
      access-group input PERMIT-BPDU
      access-group input ALL
      service-policy input WEB_VIPS
      nat-pool 5 192.168.71.154 192.168.71.154 netmask 255.255.255.255 pat
    interface vlan 31
      description Server VLAN
      bridge-group 171
      no normalization
      mac-sticky enable
      access-group input PERMIT-BPDU
      access-group input ALL
      service-policy input WEB_VIPS
      nat-pool 6 192.168.71.154 192.168.71.154 netmask 255.255.255.255 pat
      no shutdown
    interface bvi 171
      ip address 192.168.71.3 255.255.255.0
      no shutdown

    Do you have a default route on the ACE and the rservers? Are they all pointing to the same IP? I have the same configuration.  An ACE 4710 in transparent mode, but I have no NATing and my rservers are able to see the original client IPs (security requirement).
    Here is part of my config for one serverfarm
    rserver host RS_MIDTIER_220
      description
      ip address 172.31.0.131
      inservice
    rserver host RS_MIDTIER_221
      description
      ip address 172.31.0.132
      inservice
    rserver host RS_MIDTIER_222
      description
      ip address 172.31.0.133
      inservice
    rserver redirect RS_SSL_Redirects
      webhost-redirection https://%h/%p 301
      inservice
    action-list type modify http SSL_URL_REWRITE
      ssl url rewrite location ".*"
    serverfarm redirect SF_SSL_Redirects
      predictor leastconns
      rserver RS_SSL_Redirects
      inservice
    serverfarm host SF_Midtier_Prod
      description Midtier Production
      predictor leastconns
      probe APACHE
      probe ICMP
      rserver RS_MIDTIER_220 80
        inservice
      rserver RS_MIDTIER_221 80
        inservice
      rserver RS_MIDTIER_222 80
        inservice
    ssl-proxy service SSL_PSERVICE_MIDTIER_PROD
      key
      cert
      chaingroup EntrustChainGroup
    sticky http-cookie JSESSIONID Sticky_Jsession_Cookie_Midtier_Prod
      timeout 90
      serverfarm SF_Midtier_Prod
    class-map type management match-any REMOTE_MGT_ACCESS
      description remote access traffic match
      2 match protocol ssh source-address
      4 match protocol https source-address
      5 match protocol snmp source-address
    class-map match-any VS_Midtier_Prod_L3SLB
      description Midtier Prod IPs
      2 match virtual-address 172.31.0.46 tcp eq https
      3 match virtual-address 172.31.0.47 tcp eq https
    class-map match-any VS_SSL_Redirects
      description Redirects any http VIPS to https
      5 match virtual-address 172.31.0.46 tcp eq www
      6 match virtual-address 172.31.0.47 tcp eq www
    policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
      class REMOTE_MGT_ACCESS
        permit
    policy-map type loadbalance http first-match Midtier_Prod_L4SLB
      class class-default
        sticky-serverfarm Sticky_Jsession_Cookie_Midtier_Prod
        action SSL_URL_REWRITE
    policy-map type loadbalance first-match SSL_Redirect_L4SLB
      class class-default
        serverfarm SF_SSL_Redirects
    policy-map multi-match Farm_VIPS
      class VS_SSL_Redirects
        loadbalance vip inservice
        loadbalance policy SSL_Redirect_L4SLB
      class VS_Midtier_Prod_L3SLB
        loadbalance vip inservice
        loadbalance policy Midtier_Prod_L4SLB
        loadbalance vip icmp-reply active
        ssl-proxy server SSL_PSERVICE_MIDTIER_PROD
    interface vlan 100
      description DMZ ACE frontside
      bridge-group 1
      access-group input BPDUALLOW
      access-group input ALL
      service-policy input REMOTE_MGMT_ALLOW_POLICY
      service-policy input Farm_VIPS
      no shutdown
    interface vlan 110
      description DMZ ACE backside
      bridge-group 1
      access-group input BPDUALLOW
      access-group input ALL
      no shutdown
    interface bvi 1
      ip address 172.31.0.150 255.255.255.0
      no shutdown
    rserver redirect RS_SSL_Redirects
      webhost-redirection https://%h/%p
    301
      inservice
    domain
    ip route 0.0.0.0 0.0.0.0 172.31.0.1

Maybe you are looking for

  • Vista and itunes 7.5

    I have searched the forums and haven't found the answer to make this work: I install 7.5 and it's other parts.... quicktime and the updaters, i try to launch it and vista says it has in countered a problem with items and shuts down, i have tried to c

  • Product graphic for used input

    Hi, I am looking for suggestions/direction on the following. We test cards, any amount 1 to 8, which are placed into slots within a single test chassis. We need to get information of each card in turn in the chassis. What we would like to do is to di

  • Cursor disappears OS X Mountain Lion Server

    After the upgrade to OS X Lion on OS X Mountain Lion began disappearing cursor after resuming from sleep. Upgrade to version 10.8.1 has not helped.

  • BOM changes automated Report

    Hi friends Is there any way that i could get this done  (please see below) For a plant, if any of the BOM has undergone changes. It needs to be captured and mail sent to a user .The list to be sent on daily basis thro mail Please help with your input

  • 2nd hand iPhone 4s IOS 7 problem !

    I bought my 2nd hand iPhone 4s at last years , yersterday 3/12/2013 i upgrade my phone 7.0.1 ver to 7.0.4 ver . When i finish the upgrade , my iPhone change to before 1st user Apple ID . I have find & seen apple support and i cant find back 1st user