Forum Discussion
Get the source_addr ip with vs type in layer 4
Hello,
I have a virtual server in a performance layer 4 with a persistence profile in source_addr.
My goal is to send the client IP address to the member but I don't know how I can do that with a performance layer 4.
I just want to know if it is possible to get this source_addr with an iRule?
Or any idea about it?
If you want further information:
The member is a Citrix Access Gateway and it only works with layer 4 (don't know why). We have access to the web interface but are unable to launch Citrix apps if I use a standard VS.
Thank you for your help.
Best regards,
FX
8 Replies
- What_Lies_Bene1
Cirrostratus
Sorry but it's not clear to me, you want to pass the source IP address to the CAG somehow? In what form? Is this because you are SNATting?
- Angelo
Nimbostratus
Is this with natting or without natting...
- fxt_31120
Nimbostratus
Hello,
Yes, I do a SNAT. Do you want the VS config?
It might be easier?
- What_Lies_Bene1
Cirrostratus
It's OK. Whilst it's possible to pass the original source IP address in the TCP headers I doubt you'll be able to configure the CAG to read the data. I don't see how this is possible at L4 I'm afraid.
Is the SNAT absolutely necessary?
- fxt_31120
Nimbostratus
I don't think the SNAT is absolutely necessary. The architecture is a VS with a public IP address and a member with a private IP address.
If there is another solution I can test it.
- What_Lies_Bene1
Cirrostratus
As long as you are sure the CAG (and any intervening routers etc.) will route back to the client IP addresses via the F5 then I'd suggest you set up a test VS without the SNAT using another IP (or port if addresses are short) and if that works, plan the same change on the live VS.
A traceroute from the CAG to any likely client IP address may help you determine the return routing path.
- fxt_31120
Nimbostratus
Hello,
I am not sure I can do that.
But good news! The virtual server is working on a Standard type. I just put the HTTP profile to "none".
It might be easier right now to help me.
VS config:
type Standard
Member listen on 443

virtual test-accessgateway {
   snatpool snat-DMZ_private
   pool pool-test-accessgateway
   destination 1.1.1.1:https
   ip protocol tcp
   persist source_addr
   profiles {
      profile_wildcard.toto.com {
         clientside
      }
      serverssl {
         serverside
      }
      tcp {}
   }
   vlans DMZ_public enable
}

- What_Lies_Bene1
Cirrostratus
That doesn't really help I'm afraid unless you can apply the HTTP profile, which will then allow you to add an XFF header via the profile or an iRule.
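The last reply relies on an XFF header to carry the client address past the SNAT. As an added example (not from the thread or from F5), this is one way a pool member or log pipeline can recover the client IP from that header without trusting values the client may have sent itself; the SNAT pool range and the function names are assumptions.

```python
import ipaddress

# Assumption: address range of the BIG-IP SNAT pool (constructed value, not from the thread).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/28")]


def _is_trusted(addr):
    """True when addr belongs to a proxy allowed to vouch for a client address."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_values):
    """Return the client IP a pool member should log or rate-limit on.

    peer       -- source IP of the TCP connection as seen by the member
    xff_values -- X-Forwarded-For header values, in the order received
    """
    peer_addr = ipaddress.ip_address(peer)
    # A connection that did not come from the SNAT pool cannot vouch for anyone:
    # ignore whatever X-Forwarded-For it carries.
    if not _is_trusted(peer_addr):
        return str(peer_addr)
    # Flatten repeated headers and comma-separated lists into one hop list.
    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    # Walk from the right: the last entry was added by the nearest proxy,
    # entries further left may have been supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing to its left can be trusted either
        if not _is_trusted(addr):
            return str(addr)
    # No usable entry: fall back to the SNAT address itself.
    return str(peer_addr)


if __name__ == "__main__":
    # Constructed sample: client spoofs 1.2.3.4, the proxy appends the real address.
    print(client_ip("10.0.0.5", ["1.2.3.4, 198.51.100.7"]))
```
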
