
ACE backup serverfarm on a 443 policy

peter
Level 1

Hello,

I've set up a loadbalance policy where the ACE looks at a tcp/443 VIP and then balances sessions (based on source IP) to two different webservers. On these webservers the SSL cert is offered to the client and then we're all happy and secure.

However, I now want to create a backup serverfarm on the 443 farm in the policy. This backup farm should give the client a 302 pointing to a maintenance site. It's not working and I think it has to do with the fact that the ACE doesn't serve a certificate. If it were doing SSL offloading then it would be possible to insert a 302 into the client's request, but since that is not the case it will not work at all.

Am I right here or does anyone have a sneaky workaround to get it working? I know the real solution is to introduce SSL offloading but that's not an option in this setup due to application involvement.

Here's my config:

rserver redirect TEST-REDIRECT
  webhost-redirection http://does.nt.matter.now/ 302
  inservice
rserver host TEST-1
  ip address 172.17.32.20
  inservice
rserver host TEST-2
  ip address 172.17.32.21
  inservice
serverfarm redirect TEST-REDIRECT-FARM
  rserver TEST-REDIRECT
    inservice
class-map match-all TEST-443-VIP
  2 match virtual-address 172.17.35.11 tcp eq https
policy-map type loadbalance first-match TEST-443-POLICY
  class class-default
    serverfarm TEST-443-FARM backup TEST-REDIRECT-FARM
policy-map multi-match VIPS
  class TEST-443-VIP
    loadbalance vip inservice
    loadbalance policy TEST-443-POLICY
    loadbalance vip icmp-reply active

1 Reply

ohynderi
Level 1

Hello,

With your setup ACE responds with an http redirect to an http get in case TEST-443-FARM has failed (so basically http://172.17.35.11:443). So it is not working, but clients send an "ssl client hello" message to that vip and not an http get... I don't see a workaround for this apart from configuring ssl offload.

Thanks,

Olivier
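
The protocol mismatch described in the reply, as an added example that is not part of the original thread and not Cisco code: it classifies the first bytes a client sends to a VIP that does not terminate TLS, and shows how a TLS client would parse a plaintext 302 sent back in place of a ServerHello. The ClientHello and the redirect bytes are constructed sample data, and the function names are hypothetical.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first client payload seen on a VIP that does not terminate TLS."""
    if data.startswith(HTTP_METHODS):
        return "http-request"
    if len(data) >= 6:
        ctype, major, _minor, _length = struct.unpack("!BBBH", data[:5])
        # Record type 22 (handshake), version major 3, handshake type 1 (ClientHello).
        if ctype == 22 and major == 3 and data[5] == 1:
            return "tls-client-hello"
    return "unknown"


def tls_client_view(reply: bytes) -> str:
    """How a TLS client waiting for a ServerHello parses the start of a reply."""
    if len(reply) < 5:
        return "incomplete record"
    ctype, major, minor, length = struct.unpack("!BBBH", reply[:5])
    if ctype not in TLS_CONTENT_TYPES or major != 3:
        return f"invalid record (type=0x{ctype:02x}, version={major}.{minor}): handshake fails"
    return f"{TLS_CONTENT_TYPES[ctype]} record, {length} bytes"


def build_sample_client_hello() -> bytes:
    """Constructed, minimal TLS 1.2 ClientHello without extensions (sample data only)."""
    body = b"\x03\x03" + bytes(32)        # client_version + 32-byte random (zeros here)
    body += b"\x00"                       # empty session id
    body += b"\x00\x02\xc0\x2f"           # cipher suite list with one entry
    body += b"\x01\x00"                   # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed plaintext redirect using the placeholder URL from the posted config.
REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: http://does.nt.matter.now/\r\n\r\n"

if __name__ == "__main__":
    print(classify_first_bytes(build_sample_client_hello()))
    print(classify_first_bytes(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))
    print(tls_client_view(REDIRECT))
```

The redirect's leading bytes `HTTP/` are read by the client as a TLS record header with content type 0x48, so the handshake aborts before any HTTP layer exists to carry a 302.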
