09-30-2009 05:37 PM
I have a virtual server configured to terminate SSL traffic and send to the real server in clear text. This works great when I test from my browser and access the web site on the server.
However, when another group attempts to send SOAP over HTTPS to the same virtual server, the ACE drops the connection.
Just wondering if anyone has seen this before?
access-list PERMIT line 8 extended permit ip any any

serverfarm host SecureSite
  probe PROBE_SERVICE_ICMP
  rserver SecureSite 81
    inservice

parameter-map type connection TCP_PARAM
  syn-data drop
  exceed-mss allow

class-map match-all SecureSite
  2 match virtual-address 10.24.44.11 tcp eq https

policy-map type loadbalance first-match SecureSite-l7slb
  class class-default
    serverfarm SecureSite

policy-map multi-match POLICY
  class SecureSite
    loadbalance vip inservice
    loadbalance policy SecureSite-l7slb
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 332
    ssl-proxy server SecureSite
    connection advanced-options TCP_PARAM

Service policy is applied at the interface.
09-30-2009 10:06 PM
I suspect the server sends an HTTP redirect which will not be usable until you set up SSL URL rewrite. It is a very good practice to have this feature enabled for all SSL termination configs.
Peter
09-30-2009 10:12 PM
I assume you just omitted to paste the 'ssl-proxy service SecureSite' section with the cert and the key.
10-01-2009 04:21 AM
Yes, I actually forgot to include the ssl-proxy service in my post. It is there and is configured. Works just fine with regular website traffic. I even tried a different ssl-proxy service just to see if there was any change.
10-09-2009 03:15 AM
"However, when another group attempts to send SOAP over HTTPS to the same virtual server, the ACE drops the connection."
Where's this group connecting to the VIP from?
Is it from a client-side or server-side vlan?
10-12-2009 11:15 AM
We ended up resolving this issue. It turned out to be something really simple. The client that was sending the SOAP traffic did not have the proper SSL certificate installed on the server that was generating the SOAP traffic.