I'm using a Cisco CSS 11501 v7.2.
I've got a peculiar problem where I've configured a couple of web services and have put them into a content rule. The content rule contains a vip address that is accessed from an internet client, but has to go through a firewall first. This external address is NAT'd. The content rule has to be accessed by other servers in the same network subnet.
Here's where the problem occurs. When an internet client accesses the content rule, everything works fine. The load balancing works and the web services are served. Also, importantly, the web servers capture the original source IP address of the internet client for statistics gathering. When the content rule is accesses via a server from inside the firewall, on the same subnet, the content rule doesn't work. I can resolve this by using using groups. But...if I do this, the CSS controls all the traffic and inputs the vip address as the source IP. This screws up the web stats.
My question is: Would there be another way to have the content rule accessed from externally, internally and keep the original source IP address?
I hope this is enough information for you.
Thanks, in advance, for any advice you can provide me.
Cheers,
Harmeet