Well I have struggled with our new ACE over the last few weeks but I think I am on my last issue
Currently have all inbound SSL termination working for *.english.ca
which uses a VIP of 192.168.10.10
but
I also need to terminate all inbound SSL connections for *.french.ca
which needs to use VIP 192.168.10.20
Right now all connections still appear to be going thru the 192.168.10.10 VIP when I look at service policy hitcounts.
Here is my config
class-map match-all english
2 match virtual-address 192.168.10.10 255.255.255.224 tcp eq https
class-map match-all french
2 match virtual-address 192.168.10.20 255.255.255.224 tcp eq https
policy-map multi-match vip
class english
loadbalance vip inservice
loadbalance policy english
loadbalance vip icmp-reply active
nat dynamic 1 vlan 500
ssl-proxy server english
class french
loadbalance vip inservice
loadbalance policy french
loadbalance vip icmp-reply active
nat dynamic 2 vlan 500
ssl-proxy server french
interface vlan 500
description xxxxxxx
ip address 192.168.10.2 255.255.255.224
access-group input 101
nat-pool 2 192.168.10.20 192.168.10.20 netmask 255.255.255.255 pat
nat-pool 1 192.168.10.10 192.168.10.20 netmask 255.255.255.255 pat
service-policy input vip
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
Sh service-policy summary shows that no matter what...all ssl connections are hitting against the english vip
service-policy: vip
Class VIP Prot Port VLAN State Curr Conns Hit Count Conns Drop
english 204.101.28.164 tcp eq 443 1,500 IN-SRVC 0 11 0
french 204.101.28.166 tcp eq 443 1,500 IN-SRVC 0 0 0
Surely I must be able to run multiple VIPS ?
Any help would be appreciated.
Cheers
Dave
