Thanks olive, it started working without any further changes after sometime of may be after I cleared all active sessions, not sure...can't say. I removed the cache-router-offload (just doing hit and trail) and has no significance because I do have specif route for my lan prefixes pointing towards by lan gateway in my proxy. However, I still don't see single packet counter in spoof counter hit in "sh cache-group 1", though it is working and works, definitely. Just cannot seen the packet counter match..weired..
Samit Oliver Adam wrote: > You have mentioned that your proxy supports reflecting the client IP... > is it going to change at least the source port of the packet or is it > keeping packets as they are (with client IP and client source port)? > The configuration does not seem to be complete - do you have a complete > one? You do have cache-router-offload enabled - are you able to tell me > a bit more about the (expected) traffic flow? > > R, Oliver > > At 21:31 02.06.2009, Samit wrote: >> Hi, I am trying to implement TCS with spoof support but it is not >> working, I don't see any Spoof pkt counter either. I am using L2 code >> in ServerIronGT EGx2. Anything more required to enable it and make it >> work, am I missing anything? My proxy support reflecting client ip >> address. Without spoof support it is just rocking without any single >> issue. >> >> My setup is >> >> LAN<--->ServerIron<--->WAN >> | >> Proxy1 >> >> Config: >> >> ver 10.2.01cTD2 >> ! >> module 1 bi-0-port-wsm6-management-module >> module 2 bi-jc-8-port-gig-module >> ! >> no global-stp >> >> server port 80 >> tcp >> ! >> server cache-name proxy1 192.168.40.142 >> port http >> port http url "GET \" >> ! >> >> server cache-bypass 100 >> >> server cache-group 1 >> filter-acl 101 >> cache-name proxy1 >> spoof-support >> ! >> server cache-router-offload >> ! >> interface ethernet 2/1 >> port-name LAN >> ! >> interface ethernet 2/3 >> port-name proxy1 >> ! >> interface ethernet 2/8 >> port-name WAN >> no cache-group >> ip-policy 1 >> ! >> ip policy 1 cache tcp http local >> ! >> access-list 100 remark no-tcs-prefix >> access-list 100 permit ip host 192.168.55.22 any >> access-list 101 remark tcs-prefix >> access-list 101 permit ip 192.168.224.0 0.0.0.255 any >> >> >> >> slb-tel...@sw-fdry #sh cache-group 1 >> >> Cache-group 1 has 1 members Admin-status = Enabled Active = 0 >> Hash_info: Dest_mask = 255.255.255.0 Src_mask = 0.0.0.0 >> >> Filter-acl: 101 Hit count: 0 >> >> Cache Server Name Admin-status Hash-distribution >> bluecoat 6 0 >> >> HTTP Traffic From <-> to Web-Caches >> >> Name: bluecoat IP: 192.168.40.142 State: 6 Groups = 1 3 >> >> Host->Web-cache >> Web-cache->Host >> State CurCon TotCon Packets Octets Packets >> Octets >> Spoof pkt Spoof oct Spoof pkt >> Spoof oct >> Web-Server active 0 0 4515919 2068851043 0 0 >> >> 0 0 0 0 >> >> Client active 5903 187341446 252270927 3288932869 >> 16098549142944827043 >> Total 5903 187341446 256786846 1062816616 >> 16098549142944827043 >> >> slb-tel...@sw-fdry-jwl-01# >> _______________________________________________ >> foundry-nsp mailing list >> [email protected] >> http://puck.nether.net/mailman/listinfo/foundry-nsp > > > > > _______________________________________________ foundry-nsp mailing list [email protected] http://puck.nether.net/mailman/listinfo/foundry-nsp
