cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7270
Views
0
Helpful
2
Replies

ACE 4700 configuring SSL termination weblogic server 10.3.6

Laurens Toning
Level 1
Level 1

Hello,

Im trying to configure an ACE 4700 so that SSL termination is done on the ACE and HTTP reaches the weblogic server instance.

I have a working setup of a Apache reverse proxy doing SSL offloading and using a weblogic module and that works fine

Was reading http://docs.oracle.com/cd/E23943_01/web.1111/e13709/load_balancing.htm#i1045186

Can anyone point me to a working config example for doing this with the ACE4700 or give me some directions here?

Kind regards,

Laurens

1 Accepted Solution

Accepted Solutions

Cesar Roque
Level 4
Level 4

Hi Laurens,

Here is a basic configuration for SSL termination:

rserver host test

  ip address 10.198.16.98

  inservice

rserver host test2

  ip address 10.198.16.93

  inservice

serverfarm host test

  rserver test 80

    inservice

  rserver test2 80

    inservice

ssl-proxy service TEST

  key cert

  cert cert

class-map match-all VIPSSL

  2 match virtual-address 10.198.16.122 tcp eq https

policy-map type loadbalance first-match test

  class class-default

    serverfarm test

policy-map multi-match clients

  class VIPSSL

    loadbalance vip inservice

    loadbalance policy test

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 112

    ssl-proxy server TEST

interface vlan 112

  ip address 10.198.16.91 255.255.255.192

  access-group input Allow_Access

  nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

  service-policy input NSS_MGMT

  service-policy input clients

  no shutdown

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

View solution in original post

2 Replies 2

Cesar Roque
Level 4
Level 4

Hi Laurens,

Here is a basic configuration for SSL termination:

rserver host test

  ip address 10.198.16.98

  inservice

rserver host test2

  ip address 10.198.16.93

  inservice

serverfarm host test

  rserver test 80

    inservice

  rserver test2 80

    inservice

ssl-proxy service TEST

  key cert

  cert cert

class-map match-all VIPSSL

  2 match virtual-address 10.198.16.122 tcp eq https

policy-map type loadbalance first-match test

  class class-default

    serverfarm test

policy-map multi-match clients

  class VIPSSL

    loadbalance vip inservice

    loadbalance policy test

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 112

    ssl-proxy server TEST

interface vlan 112

  ip address 10.198.16.91 255.255.255.192

  access-group input Allow_Access

  nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat

  service-policy input NSS_MGMT

  service-policy input clients

  no shutdown

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

Hello Cesar,

Thank you for your reply and time.

The actual solution for configuring the ACE 4700 specificaly to work with the Weblogic server was to insert a header.

action-list type modify http HTTP-HEADER-INSERT-WebLogic

header insert both WL-Proxy-SSL  header-value “true"

policy-map type loadbalance first-match ssl-test_somewhat.com_POLICY

class testsomewhat.com_CLASSURL

serverfarm http-test.somewhat.com

action HTTP-HEADER-INSERT-WebLogic

I hope this info will be usefull for other people that are trying to do the same.

Regards,

Laurens Toning


Review Cisco Networking for a $25 gift card