We have a LB ADC 340. We have recently turned on Client Impersonation. Long story short, we now cannot navigate directly to a Real Server over port 80 that has Client Impersonation turned on.
Here is an example of the setup:
Summary/Example of my working settings:
Service IP is 172.16.15.240 and is on the GE-1-1 interface
Real Server IP addresses are:
The Default Gateway on the Real Servers is pointing to 172.16.15.240
I have the default route configured on the GE-1-1 interface pointing to the Gateway of 172.16.15.1.
To ensure traffic originating from the real servers only goes where it is allowed, I have a policy-based-route for each of the Real Servers.
The Policy Based Route says anything from 172.16.15.x going to 0.0.0.0 then route it over the GE-1-1 interface to 172.16.15.1, meaning no traffic other than management goes over the MGMT interface.
I also have a configured route on GE-1-1 saying route responses from IP 172.16.14.234 to 172.16.15.1.
The only issue, again, is that with Client Impersonation turned on, access to port 80 to a Real Server times out/is denied.
Here are some scenarios:
- Client Impersonation turned on, I cannot hit port 80 from 172.16.14.234 to 172.16.15.241
- Turn Client Impersonation off and I can, but only because of the configured route that specified my IP address.
- I added port 8181 to my Real Server website configuration, then with Client Impersonation off I can access the server directly either over port 8181 or port 80.
- Now turn Client Impersonation back on and I can only access the Real Server directly through port 8181.
- Now if I go into the Configured Server/Real Server settings under the Virtual Service and tell it to communicate with the Real Server over port 8181 instead of 80, then the problem flips and I can only access port 80 on the Real Server directly with Client Impersonation turned on.
Anyone know what is specifically happening with port 80, or in other words the port the Load Balancer Virtual Service is configured to talk with the Real Server on?