Solved: ACE ONE ARM MODE

mohamed fayz · ‎08-06-2012

HI,

I have configured Cisco ACE 4710 in one-arm mode(physically it is in DMZ segment). I have to load balance OWA servers using ACE, these servers are physically on inside of firewall.

Now, the load balancer is working fine with one arm mode and source nat. I got a requirement from client that, they need to terminate SSL connections in ace , then ace to servers should be clear text (SSL OFFLOADING).

Please anyone suggest me, if there any limitations in SSL offloading with one arm mode??? if not, how can i confiugre SSL termination??

Hope your expert reply.

sivaksiv · ‎08-06-2012

Hi,

The limitation of One ARM with SRC NAT is you will loose the client information. Server logs will show the connections initiated from NAT IP Pool configured on ACE.

Please refer below link for sample SSL termination config:

http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Certificate_and_Key_in_One_Arm_Mode_Configuration_Example

Regards,

Siva

View solution in original post

sivaksiv · ‎08-06-2012

Hi,

The limitation of One ARM with SRC NAT is you will loose the client information. Server logs will show the connections initiated from NAT IP Pool configured on ACE.

Please refer below link for sample SSL termination config:

http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Certificate_and_Key_in_One_Arm_Mode_Configuration_Example

Regards,

Siva

mohamed fayz · ‎08-07-2012

Thank you Siva, its working now