Forum Discussion
Traffic ignore for specific IP
Hi All,
I'm trying to get return traffic ignored by a transparent vip. The sender is a bluecoat and is sending response back to client on the same vlan as my transparent vip. This is the rule I'm using to try and do this, however it seems to stop the vip from doing its job, (grabbing all port 80 traffic)
when CLIENT_ACCEPTED {
log "rule hits clientaccept"
if { not [IP::addr [IP::client_addr] equals 10.10.20.85 ] } {
log "rule hits if statement"
pool BlueCoat
}
}
Any help on this would be greatly appreciated
M
2 Replies
hoolioCirrostratus
If you define a more specific virtual server, it would take precedence in answering traffic than a more general virtual server. This is described in SOL6459 (Click here).
Can you provide more detail on the overall issue? In general, responses to requests through a VIP should be handled back through the same VIP. What are you trying to accomplish, and what is failing?
Aaron- I'm in the midst of a PoC for an ISP, basically I have to fit in thier layer2 network and LB web traffic through to a pair of BlueCoats. The constraints are that I have to be in bridge mode and I can't change the source ip of the client.
My current config is multiple vlans inside a vlan group, (vlan21, 22 and 23), vlan21 is the user vlan, vlan22 is the internet vlan and vlan23 is one of the bluecoats. The vip is located on vlan21 and is a transparent wildcard virtual grabbing all port 80 traffic and directing it at the bluecoats in vlan23.
Without an irule, all traffic directed back to the client via vlan21 from vlan23 is cpatured again by the wildcard virtual. I need the irule to determine the source ip and if its the bluecoat, do not apply the virtual. When the irule is applied, the virtual stops working and all traffic from the client goes out through the layer2 gateway on vlan23.
M
