cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1515
Views
0
Helpful
6
Replies

ACE 4710 HTTPS load balance configuration

Andy Johnson
Level 4
Level 4

Have two ACE 4710 in HA setup. We would like to setup HTTPS loadbalance(actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later.

I know there are several ways to do SSL with the ACE( client, server, end-to-end). I am just wanting to know the easiest way to deploy this? Is a certificate always needed on the ACE for each connection? In HA mode would a certificate be needed for both or does it replicate in some way to the other ACE?

Any configuration examples would be helpful.

Thanks.

6 Replies 6

Hi Andy,

The easy way is to terminate the SSL on ACE just for the clients , and between the ACE and the servers you will have HTTP ( clear ) connection - usually the datacenter traffic is could be clear and is some how not a threat.

As for the certificate , this should be copied on both ACE, it is not replicated and is needed for each client connection.

Regards.

litrenta
Level 3
Level 3

IF you terminate SSL on the ACE you need certificates and key on ace in the context in which you are doing the termination. The certs and keys need to be installed on the active and standby (manually unless using anm to manage).

when speaking of SSL

SSL termination refers to ace terminating SSL and sending to server as clear text

end to end - ACE terminates SSL (to look into payload to make a loadbalance decision or sticky decision) and then re-encrypts to the server, so to the client ACE is an ssl server and to the server the ace is an ssl client.

You can find some config examples at

http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples

Andy Johnson
Level 4
Level 4

I am not the Exchange admin, but does OWA work without being HTTPS?

So can I use the same CSR from the primary and get the cert, then install the same certificate on both ACE? Or would I need two CSR's and two certs?

Andy Johnson
Level 4
Level 4

Thanks for all the help and quick responses.

If the another server requires HTTPS this would require the end-to-end SSL configuration?

If the server could not run HTTP , then yes.

Regards

Dan

Review Cisco Networking for a $25 gift card