Hello,
I've set up a loadbalance policy where the ACE looks at a tcp/443 VIP and then balances sessions (based on source IP) to two different webservers. On these webservers the SSL cert is offered to the client and then we're all happy and secure.
However, I now want to create a backup serverfarm on the 443 farm in the policy. This backup farm should give the client a 302 pointing to a maintenance site. It's not working and I think it has to do with the fact that the ACE doesn't serve a certificate. If it were doing SSL offloading then it would be possible to insert a 302 into the client's request, but since that is not the case it will not work at all.
Am I right here or does anyone have a sneaky workaround to get it working? I know the real solution is to introduce SSL offloading but that's not an option in this setup due to application involvement.
Here's my config:
rserver redirect TEST-REDIRECT
  webhost-redirection http://does.nt.matter.now/ 302
  inservice
rserver host TEST-1
  ip address 172.17.32.20
  inservice
rserver host TEST-2
  ip address 172.17.32.21
  inservice
serverfarm redirect TEST-REDIRECT-FARM
  rserver TEST-REDIRECT
    inservice
class-map match-all TEST-443-VIP
  2 match virtual-address 172.17.35.11 tcp eq https
policy-map type loadbalance first-match TEST-443-POLICY
  class class-default
    serverfarm TEST-443-FARM backup TEST-REDIRECT-FARM
policy-map multi-match VIPS
  class TEST-443-VIP
    loadbalance vip inservice
    loadbalance policy TEST-443-POLICY
    loadbalance vip icmp-reply active
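
Added example, not part of the original post: a small Python check of what a TLS client does when the peer on tcp/443 answers its ClientHello with a plaintext 302. It assumes the redirect rserver replies in cleartext because nothing in front of the client terminates SSL; the response bytes and the hostname `vip.example` are constructed for the demonstration.

```python
import ssl

# Constructed sample: a cleartext redirect sent on a port where the client speaks TLS.
PLAINTEXT_302 = (b"HTTP/1.1 302 Found\r\n"
                 b"Location: http://does.nt.matter.now/\r\n"
                 b"Content-Length: 0\r\n\r\n")

def parse_record_header(data):
    """Read the first 5 bytes the way a TLS peer does: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    return data[0], (data[1], data[2]), int.from_bytes(data[3:5], "big")

def is_tls_record(data):
    """True if the bytes start with a plausible TLS record header."""
    ctype, (major, _minor), length = parse_record_header(data)
    # 20-23 = change_cipher_spec, alert, handshake, application_data
    return ctype in (20, 21, 22, 23) and major == 3 and length <= 2**14 + 2048

def client_handshake_against(reply):
    """Run a real TLS client in memory and feed it `reply` as the server's answer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = ctx.wrap_bio(incoming, outgoing, server_hostname="vip.example")
    try:
        client.do_handshake()          # emits the ClientHello, then wants a reply
    except ssl.SSLWantReadError:
        pass
    client_hello = outgoing.read()
    incoming.write(reply)              # what arrives from the VIP
    try:
        client.do_handshake()
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        return client_hello, "waiting for more data"
    except ssl.SSLError as exc:
        return client_hello, "handshake failed: " + str(exc.reason)
    return client_hello, "handshake completed"

if __name__ == "__main__":
    hello, outcome = client_handshake_against(PLAINTEXT_302)
    print("client sent TLS record:", is_tls_record(hello))
    print("302 parsed as record header:", parse_record_header(PLAINTEXT_302))
    print("client outcome:", outcome)
```

The client never reaches the point of reading HTTP headers: the bytes `HTTP/` are interpreted as a record header with an invalid type and version, so the handshake aborts before any redirect can be followed.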