Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2393
Views
0
Helpful
4
Replies

ACE 30 redirect question

derek wilson
Level 1
Level 1

‎02-05-2016 06:40 AM

Hi

I have a ACE 30 with a VIP listening on 443 the passing traffic out to the rservers also on 443 - no ssl offload.

Is it possible to have a redirect for clients coming in on http to redirect to https?

Any config examples would be handy.

thanks

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Jorge Bejarano
Level 4
Level 4

‎02-08-2016 10:25 PM

Derek, maybe you can check this link: https://supportforums.cisco.com/document/12439761/cisco-ace-http-https-redirection-ssl-termination

Hope this helps!

Jorge

Don´t forget to rate the answer.

0 Helpful

Ahmed Sabanaa
Level 1
Level 1

‎12-18-2017 06:13 AM

hi dear ,
have you got answer about the above question , since i have the same query ?
0 Helpful

Marko Leopold
Level 1
Level 1
In response to Ahmed Sabanaa

‎05-14-2018 03:41 AM

Hi,

 

you can try this configuration

 

rserver redirect rserver-redir_HTTPtoHTTPS
  webhost-redirection https://%h/%p 301
  inservice

serverfarm redirect sfarm-redirect_HTTPtoHTTPS
  rserver rserver-redir_HTTPtoHTTPS
    inservice

class-map match-any cmap-vip_HTTPtoHTTPS
  2 match virtual-address 192.168.10.10 tcp eq www


policy-map type loadbalance first-match pmap-lb_HTTPtoHTTPS
  class class-default
    serverfarm sfarm-redirect_HTTPtoHTTPS
policy-map multi-match pmap_whatever
  class cmap-vip_HTTPtoHTTPS
    loadbalance vip inservice
    loadbalance policy pmap-lb_HTTPtoHTTPS

0 Helpful

sbhadrav@cisco.com
Level 5
Level 5

‎12-10-2018 06:25 PM

I will give you for one rserver, one serverfarm, one class map. You please do that same for rest of them. Test one first and replicate to others.

rserver redirect QA-group_1_redirect_rserver

  webhost-redirection

https://10.37.5.93/  302

  inservice

This is the redirect server.

rserver host QA-1.1

  ip address 10.37.5.111

  inservice

rserver host QA-1.2

  ip address 10.37.5.88

  inservice

Normal servers to which the traffic would be loadbalanced.

serverfarm redirect SF_QA-group_1_REDIRECT

  rserver QA-group_1_redirect_rserver

    inservice

This is redirect serverfarm

serverfarm host SF_QA-group_1_HTTPS

  failaction reassign

  predictor leastconns

  rserver QA-1.1 443

    inservice

  rserver QA-1.2 443

    inservice

Normal serverfarm with two rservers in it to which we will loadbalance the traffic.

class-map match-all QA-group_1_HTTP

  3 match virtual-address 10.37.5.93 tcp eq www

The class-map is condition for redirection. If user comes on 10.37.5.93 on 80.

class-map match-all QA-group_1_HTTPS

  3 match virtual-address 10.37.5.93 tcp eq https

Condition for user coming on port 443

policy-map type loadbalance first-match QA-group_1_REDIRECT

  class class-default

    serverfarm SF_QA-group_1_REDIRECT

This is a policy or action which ACE will take after the condition matches which is to redirect.

policy-map type loadbalance first-match QA_GROUP1_HTPPS

  class class-default

    serverfarm SF_QA-group_1_HTTPS

This is for HTTPS

policy-map multi-match SERVICE_VIPS
  class QA-group_1_HTTP
    loadbalance vip inservice
    loadbalance policy QA-group_1_REDIRECT
    loadbalance vip icmp-reply
  class QA-group_1_HTTPS
    loadbalance vip inservice
    loadbalance policy QA_GROUP1_HTPPS
    loadbalance vip icmp-reply

Same action is applied to the policy. If it matches class QA-group_1_HTTP, redirect it, since redirect policy is applied and if it matches class QA-group_1_HTTPS, loadbalance the traffic since LB policy is applied.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card