02-05-2016 06:40 AM
Hi
I have a ACE 30 with a VIP listening on 443 the passing traffic out to the rservers also on 443 - no ssl offload.
Is it possible to have a redirect for clients coming in on http to redirect to https?
Any config examples would be handy.
thanks
02-08-2016 10:25 PM
Derek, maybe you can check this link: https://supportforums.cisco.com/document/12439761/cisco-ace-http-https-redirection-ssl-termination
Hope this helps!
Jorge
Don´t forget to rate the answer.
12-18-2017 06:13 AM
05-14-2018 03:41 AM
Hi,
you can try this configuration
rserver redirect rserver-redir_HTTPtoHTTPS
webhost-redirection https://%h/%p 301
inservice
serverfarm redirect sfarm-redirect_HTTPtoHTTPS
rserver rserver-redir_HTTPtoHTTPS
inservice
class-map match-any cmap-vip_HTTPtoHTTPS
2 match virtual-address 192.168.10.10 tcp eq www
policy-map type loadbalance first-match pmap-lb_HTTPtoHTTPS
class class-default
serverfarm sfarm-redirect_HTTPtoHTTPS
policy-map multi-match pmap_whatever
class cmap-vip_HTTPtoHTTPS
loadbalance vip inservice
loadbalance policy pmap-lb_HTTPtoHTTPS
12-10-2018 06:25 PM
I will give you for one rserver, one serverfarm, one class map. You please do that same for rest of them. Test one first and replicate to others.
rserver redirect QA-group_1_redirect_rserver
webhost-redirection
https://10.37.5.93/ 302
inservice
This is the redirect server.
rserver host QA-1.1
ip address 10.37.5.111
inservice
rserver host QA-1.2
ip address 10.37.5.88
inservice
Normal servers to which the traffic would be loadbalanced.
serverfarm redirect SF_QA-group_1_REDIRECT
rserver QA-group_1_redirect_rserver
inservice
This is redirect serverfarm
serverfarm host SF_QA-group_1_HTTPS
failaction reassign
predictor leastconns
rserver QA-1.1 443
inservice
rserver QA-1.2 443
inservice
Normal serverfarm with two rservers in it to which we will loadbalance the traffic.
class-map match-all QA-group_1_HTTP
3 match virtual-address 10.37.5.93 tcp eq www
The class-map is condition for redirection. If user comes on 10.37.5.93 on 80.
class-map match-all QA-group_1_HTTPS
3 match virtual-address 10.37.5.93 tcp eq https
Condition for user coming on port 443
policy-map type loadbalance first-match QA-group_1_REDIRECT
class class-default
serverfarm SF_QA-group_1_REDIRECT
This is a policy or action which ACE will take after the condition matches which is to redirect.
policy-map type loadbalance first-match QA_GROUP1_HTPPS
class class-default
serverfarm SF_QA-group_1_HTTPS
This is for HTTPS
policy-map multi-match SERVICE_VIPS
class QA-group_1_HTTP
loadbalance vip inservice
loadbalance policy QA-group_1_REDIRECT
loadbalance vip icmp-reply
class QA-group_1_HTTPS
loadbalance vip inservice
loadbalance policy QA_GROUP1_HTPPS
loadbalance vip icmp-reply
Same action is applied to the policy. If it matches class QA-group_1_HTTP, redirect it, since redirect policy is applied and if it matches class QA-group_1_HTTPS, loadbalance the traffic since LB policy is applied.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide