cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1054
Views
0
Helpful
4
Replies

ACE redirection issue

Hi,

we have our main website https://abc.com and it provides links to users for various applications.

If i go to https://abc.com and click the link xyz on it, i get back to main page again and current  connections drops to 0. here my browser should be redirected to https://abc.com/xyz which is not happening. Traffic is getting tunnnled to https://abc.com as seen in logs in http catcher.

But if i type in https://abc.com/xyz in browser, i go to correct page.

below  is my configuration. please let me know if any other configuration is  needed, Below config is with 2 links but actual production has many  links.

I have similar issue for another application where links on  main page can not be accessed. that application works on http  instead  of https.

rserver redirect xyz

  inservice

  webhost-redirection "https://abc.com/xyz"

rserver redirect uvw

  inservice
  webhost-redirection "https://abc.com/uvw"

rserver host abc

ip address 1.1.1.1

inservice

serverfarm redirect xyz

rserver xyz

inservice

parameter-map type http case_param

  case-insensitive

  no persistence-rebalance (i also tried enabling it)

  set header-maxparse-length 65535

  set content-maxparse-length 65535

  length-exceed continue

parameter-map type ssl abc

  cipher RSA_WITH_3DES_EDE_CBC_SHA

ssl-proxy service abc

  key abc

  cert abc

  ssl advanced-options abc

serverfarm redirect uvw

rserver uvw

inservice

serverfarm host abc

rserver abc

inservice

class-map type http loadbalance match-any map1

   match http url /xyz.*

class-map type http loadbalance match-any map1

   match http url /uvw.*

policy-map type loadbalance first-match ssl-abc

class map1

    serverfarm xyz

class map2

    serverfarm uvw

class class-default

    serverfarm abc 

class ssl-intranet

    loadbalance vip inservice

    loadbalance policy ssl-abc

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 368

    appl-parameter http advanced-options case_param

    ssl-proxy server abc

the IP address mentioned for abc.com (1.1.1.1) is on cisco CSS (VIP for www.abc.com for internal users) which is serving my internal clients. The CSS then points to actual server hosting abc.com. The ACE is serving clients coming from Internet and CSS is serving my internal clients which connect with http. Is this problem because of communication issue between ACE and CSS?

Can anybody suggest?

4 Replies 4

Jorge Bejarano
Level 4
Level 4

Hi,

Could you try?

rserver redirect xyz

  webhost-redirection "https://abc.com/xyz" 301

  inservice

rserver redirect uvw 

  webhost-redirection "https://abc.com/uvw" 301

inservice

It might be possible the redirect is working but maybe the other portion is not.

Could you upload the VIP?

Jorge

Could you add the configuration once the traffic is redirected?

class-map match-all intranet

  2 match virtual-address 198.184.231.7 tcp eq www

class-map match-all ssl-intranet

  2 match virtual-address 198.184.231.7 tcp eq https

I have 2 different policy maps .........intranet map redirects to ssl-intranet map which then makes redirection to individual applications.

policy-map multi-match external-lb

  class extranet

    loadbalance vip inservice

    loadbalance policy extranet

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 368

    appl-parameter http advanced-options case_param

  class ssl-extranet

    loadbalance vip inservice

    loadbalance policy ssl-extranet

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 368

    appl-parameter http advanced-options case_param

Yogesh Gawankar
Cisco Employee
Cisco Employee

If CSS VIP (1.1.1.1) is listening on http, I do not see port 80 in  the serverfarm config on ACE.

Hi Yogesh,

Requests come on 443...CSS offload it to 80 and sends to serverfarm

Review Cisco Networking for a $25 gift card