07-21-2009 02:55 AM
Hi,
We have an ACE4710, and I configured the ACE for load balancing and as an SSL terminator with user authentication. All users authenticate when browsing the https://x.x.x.x URL and everything works well. But I want users to authenticate with an SSL certificate only when browsing a special URL on my server. For example, when a user browses the URL https://x.x.x.x/Test there is no need to be authenticated, but when browsing the URL https://x.x.x.x/testSSL/ they need to authenticate.
Can you post an example and help me do this?
Thanks in advance.
07-23-2009 01:46 AM
Does anyone have an idea? This is my configuration:
crypto authgroup AUTH_CERT_1
  cert CARoot.crt
probe icmp PING_TEST
  interval 15
  passdetect interval 60
parameter-map type ssl SSL_PARAMETER_MAP
  authentication-failure ignore
rserver host RS_web_1
  description ### WEB SERVER 1 ###
  ip address 192.168.2.103
  inservice
serverfarm host WEB_SERVERFARM
  probe PING_TEST
  rserver RS_web_1 80
    inservice
ssl-proxy service SSL-WWWSERVICE-SERVER
  key ACEkey
  cert ACEcer
  authgroup AUTH_CERT_1
  ssl advanced-options SSL_PARAMETER_MAP
ssl-proxy service SSL-WWWSERVICE-SERVER_no_auth
  key ACEkey
  cert ACEcer
  ssl advanced-options SSL_PARAMETER_MAP
class-map match-all L4_VIP_ADDRESS_WEB
  2 match virtual-address 192.168.1.103 any
class-map match-all L4_VIP_ADDRESS_WEB_no_auth
  2 match virtual-address 172.16.1.103 any
class-map type http loadbalance match-all L7CLASS-Test
  2 match http url /Test/*
class-map type http loadbalance match-all L7CLASS-TestSSL
  2 match http url /TestSSL/*
policy-map type loadbalance first-match L7_POLICY_WEB_ssl_auth
  class L7CLASS-Test
    serverfarm WEB_SERVERFARM
policy-map type loadbalance first-match L7_POLICY_WEB_no_ssl_auth
  class L7CLASS-TestSSL
    serverfarm WEB_SERVERFARM
policy-map multi-match VIP_POLICY
  class L4_VIP_ADDRESS_WEB
    loadbalance vip inservice
    loadbalance policy L7_POLICY_WEB_ssl_auth
    ssl-proxy server SSL-WWWSERVICE-SERVER
  class L4_VIP_ADDRESS_WEB_no_auth
    loadbalance vip inservice
    loadbalance policy L7_POLICY_WEB_no_ssl_auth
    ssl-proxy server SSL-WWWSERVICE-SERVER_no_auth
08-10-2009 12:19 PM
I saw that "policy-map multi-match VIP_POLICY" matches only the first L4 class, and not the second. Is it possible to match two policies with an "or" rule?