https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64958#M735 <HTML><HEAD></HEAD><BODY><P>You cannot do SSL termination on an ASA, because thats not its function, but as someone else mentioned you should be able to do an https</P><P>-&gt;http redirect on an ACE (or CSS) so long as you have the cert and key installed on the load balancer.</P></BODY></HTML> Thu, 13 Jan 2011 17:28:31 GMT kp75 2011-01-13T17:28:31Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64951#M728 <P>Can you redirect from https to http? I got redirection to work the other way fine. I reversed the configuration and it did'nt like it. Am I missing something?</P> Tue, 05 Nov 2002 15:31:38 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64951#M728 alex.goldstein 2002-11-05T15:31:38Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64952#M729 <HTML><HEAD></HEAD><BODY><P>Alex,</P><P></P><P>I have never tried this, but assuming the only thing that would be unique in this senario is the VIP address to redirect on, you could probably configure a rule like this.</P><P></P><P> content pete</P><P> vip address 154.1.1.1</P><P> protocol tcp</P><P> port 443</P><P> redirect "<A class="jive-link-custom" href="http://this.is.a.test.com" target="_blank">http://this.is.a.test.com</A>"</P><P> active</P><P></P><P>This assumes that you want to redirect all traffic coming in 443 to this vip and send the redirect back to the client.</P><P></P><P>Regards</P><P>Pete..</P></BODY></HTML> Tue, 05 Nov 2002 15:48:54 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64952#M729 pknoops 2002-11-05T15:48:54Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64953#M730 <HTML><HEAD></HEAD><BODY><P>Apparently not. If you look at</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/117/css_persistence_http.html" target="_blank">http://www.cisco.com/warp/public/117/css_persistence_http.html</A></P><P></P><P>It states</P><P></P><P>Because of limitations in the CSS 11000, redirects only can be sent from HTTP (Port 80) to HTTP or from HTTP to HTTPS (Port 443). If there is a requirement to send a redirect from Secure Hypertext Transfer Protocol (HTTPS), then the redirect must be sent from the Web server. </P><P></P><P>Hope it helps.</P></BODY></HTML> Fri, 15 Nov 2002 17:24:54 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64953#M730 RHLloydBGF 2002-11-15T17:24:54Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64954#M731 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P><BR />Did you find any solution to this? I have a similar requirement to convert HTTPS requests to HTTP and send to my UCCX server. Any idea ASA/CSM or any third party device can do it or not?</P><P></P><P>Thanks,</P><P>inner_silence</P></BODY></HTML> Thu, 02 Sep 2010 07:40:11 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64954#M731 Kapil Atrish 2010-09-02T07:40:11Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64955#M732 <HTML><HEAD></HEAD><BODY><P>You cannot do this unless you are terminating SSL on the CSS with an SSL card.Here is why:</P><P></P><P>when client connects on port 443 it sends a client hello and expects server hello back. So redirect cannot happen if ssl is not terminated on the CSS because ssl will not be negotiated as the client is expecting.</P><P></P><P>If you have the ssl card on the css and can terminate ssl on the CSS then you can do the redirection. For ssl termination configuration (again only if you have the hardware see:</P><P><A href="http://tools.cisco.com/squish/c5c23"><BR /></A></P><P><A href="http://tools.cisco.com/squish/c5c23" id="ext-gen223" onclick="">http://tools.cisco.com/squish/c5c23</A></P></BODY></HTML> Thu, 02 Sep 2010 12:53:39 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64955#M732 litrenta 2010-09-02T12:53:39Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64956#M733 <HTML><HEAD></HEAD><BODY><P>Hi Guys, </P><P></P><P>Good day to everyone. I would just like to ask if this is applicable to ASA 5500 appliances too?</P><P></P><P>Thanks in advance. </P><P></P><P>Jojo Santos</P></BODY></HTML> Thu, 13 Jan 2011 12:15:59 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64956#M733 jojsanto 2011-01-13T12:15:59Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64957#M734 <HTML><HEAD></HEAD><BODY><P>Hi Jojo,</P><P></P><P>ASA can't do SSL termination as CSS/CSM-S/ACE do. The most similar feature I think would be WebVPN but this </P><P>is&nbsp; unable to provide a decrypted data stream so not even close to the SSL offloading possibilites that LB products can offer you.</P><P></P><P>HTH</P><P>__ __</P><P>Pablo</P></BODY></HTML> Thu, 13 Jan 2011 17:22:04 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64957#M734 pablo.nxh 2011-01-13T17:22:04Z https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64958#M735 <HTML><HEAD></HEAD><BODY><P>You cannot do SSL termination on an ASA, because thats not its function, but as someone else mentioned you should be able to do an https</P><P>-&gt;http redirect on an ACE (or CSS) so long as you have the cert and key installed on the load balancer.</P></BODY></HTML> Thu, 13 Jan 2011 17:28:31 GMT https://community.cisco.com/t5/application-networking/https-to-http-redirect/m-p/64958#M735 kp75 2011-01-13T17:28:31Z