ACE 4710 Module for End to End SSL

simone_mx
Level 1

Can you help me?

Is it possible to configure the ACE Module for End to End SSL with a one-armed configuration?

Thanks

3 Replies

amacuz
Level 1

Ciao Simone,

you should be able to do that by referring to the normal End-to-End configuration

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/ssl/guide/endtoend.html#wp1047773

and by adding the source NAT on the "server side" to make sure the server sees the requests as coming from the ACE and not from the client.

Let me know how it goes

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

The problem is the following:

I have an ACE 4710 (A3) configured one-armed (sources NATted to a unique IP); the SSL session is terminated on the server, but now it is necessary to track the source IP.

Is it possible to use the x-forwarded option in this case?

Can you help me?

Ciao Simone,

With End-to-End SSL configuration you allow the ACE to access the cleartext content of the SSL communication, and hence to take decisions based on the content and/or to modify it.

What you are asking should be possible by doing the following:

policy-map type loadbalance first-match P-MAP
  class class-default
    serverfarm SFARM
    insert-http X-Forwarded-For header-value "%is"

I hope this helps,

Alessandro

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
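An added example, not part of the thread or of Cisco's documentation: with source NAT in place the server sees the ACE as the TCP peer, so the application has to read the client address from the inserted X-Forwarded-For header, and should only do so when the peer really is the ACE. The function name and the SNAT address (192.0.2.10) are constructed for illustration; because the thread does not say whether the ACE removes a client-supplied X-Forwarded-For, the sketch assumes it may not and treats more than one value as ambiguous.

```python
import ipaddress

# Constructed value: the source-NAT address the ACE uses toward the servers.
ACE_SNAT_ADDRS = {ipaddress.ip_address("192.0.2.10")}


def resolve_client_ip(peer_addr, xff_headers, trusted=ACE_SNAT_ADDRS):
    """Return (ip, source) for logging or access decisions.

    peer_addr   -- address of the TCP peer as seen by the server
    xff_headers -- list of raw X-Forwarded-For header values on the request
    source      -- "xff" when the header was used, otherwise the reason
                   the peer address was kept
    """
    peer = ipaddress.ip_address(peer_addr)

    # A request that did not arrive through the ACE can put anything in
    # the header, so the header is ignored entirely.
    if peer not in trusted:
        return str(peer), "peer"

    # Flatten repeated headers and comma-separated lists into one sequence.
    values = [v.strip() for h in xff_headers for v in h.split(",") if v.strip()]

    if not values:
        return str(peer), "missing"
    if len(values) > 1:
        # One value is expected from the ACE; extras may be client-supplied,
        # and their order is not something this page establishes.
        return str(peer), "ambiguous"

    try:
        return str(ipaddress.ip_address(values[0])), "xff"
    except ValueError:
        return str(peer), "invalid"


if __name__ == "__main__":
    # Constructed sample requests: (peer address, X-Forwarded-For headers).
    samples = [
        ("192.0.2.10", ["198.51.100.7"]),
        ("192.0.2.10", ["10.0.0.1", "198.51.100.7"]),
        ("203.0.113.5", ["198.51.100.7"]),
    ]
    for peer, headers in samples:
        print(peer, headers, "->", resolve_client_ip(peer, headers))
```

Requests flagged "ambiguous" or "invalid" are worth logging with the raw header values, since they show either a client sending its own X-Forwarded-For or a path that bypasses the expected insertion.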
