ACE url redirection from https to http

pandapritam
Level 1

Hi,

I am new to ACE module config. I need help configuring URL redirection from https to http for my MAPI server.

I mean the client will connect through https://webmail.test.com and will then be redirected to http://webmail.test.com/owa to get the web page.

Now, with my config, no client can access the desired page through https://webmail.test.com/owa.


crypto chaingroup chain
  cert pem
  cert cer
 
 
access-list all line 10 extended permit ip any any
access-list all line 20 extended permit icmp any any
access-list all line 30 extended permit tcp any any eq www
access-list all line 40 extended permit tcp any any eq https


probe https Exchange-OWA
  interval 30
  passdetect interval 60
  ssl version all
  request method get url GET /owa/auth/logon.aspx
  expect status 400 404

probe https https-probe
  interval 60
  passdetect interval 60
  passdetect count 2
  request method get url /owa/auth/login.aspx
  expect status 400 404
 
probe tcp TCP135
  description RPC Endpoint Mapper
  port 135
  interval 30
  passdetect interval 60
  connection term forced

probe tcp TCP60000
  description RPC Client Access
  port 60000
  interval 30
  passdetect interval 60
  connection term forced

probe tcp TCP60001
  description Address Book Service
  port 60001
  interval 30
  passdetect interval 60
  connection term forced
  open

rserver host CAS01
  ip address 10.128.195.73
  inservice
rserver host CAS02
  ip address 10.128.195.74
  inservice
rserver redirect OWA-SSL-REDIRECT
  webhost-redirection https://webmail.test.com/owa 301
  inservice

serverfarm host Exchange-CAS-HTTP
  predictor leastconns

  rserver CAS01 80
    inservice
  rserver CAS02 80
    inservice
serverfarm host Exchange-CAS-HTTPS
  predictor leastconns

  rserver CAS01 443
    inservice
  rserver CAS02 443
    inservice
serverfarm host Exchange-CAS-RPC
  predictor leastconns

  rserver CAS01
    inservice
  rserver CAS02
    inservice

serverfarm redirect Exchange-OWA-REDIRECT
  rserver OWA-SSL-REDIRECT
    inservice

sticky ip-netmask 255.255.255.255 address source Exchange-CAS-RPC
  timeout 7200
  replicate sticky
  serverfarm Exchange-CAS-RPC
sticky http-cookie Exchange-Sticky Exchange-CAS-HTTPS-Cookie
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm Exchange-CAS-HTTPS
sticky http-header Authorization Exchange-CAS-HTTPS-AuthZHeader
  timeout 7200
  replicate sticky
  serverfarm Exchange-CAS-HTTPS

ssl-proxy service Exchange-CAS
  key pem
  cert pem
  chaingroup chain


class-map match-any Exchange-CAS-RPC
  2 match virtual-address 10.128.194.1 any


class-map match-all Exchange-CAS-HTTPS
  2 match virtual-address 10.128.194.1 tcp eq https

class-map match-all Exchange-OWA-REDIRECT
  2 match virtual-address 10.128.194.1 tcp eq http

class-map type http loadbalance match-any HTTPS1
  2 match http header Host header-value "www[.]webmail[.]test[.]com"

class-map type http loadbalance match-any HTTPS2
  2 match http url https://webmail.test.com
  2 match http url /owa/auth/logon.aspx
  3 match http url /owa/auth/*.*

policy-map type management first-match mgmt-pm
  class class-default
    permit

policy-map type loadbalance first-match HTTPS

  class HTTPS2
    serverfarm Exchange-CAS-HTTP
 
  class class-default
   serverfarm Exchange-CAS-RPC
   class HTTPS1
    serverfarm Exchange-CAS-HTTPS


policy-map type loadbalance first-match Exchange-CAS-HTTPS

  match OutlookAnywhere http header User-Agent header-value "MSRPC"
    sticky-serverfarm Exchange-CAS-HTTPS-AuthZHeader
  class class-default
    sticky-serverfarm Exchange-CAS-HTTPS-Cookie

policy-map type loadbalance first-match Exchange-CAS-RPC
  class class-default
    sticky-serverfarm Exchange-CAS-RPC

policy-map multi-match vlan1601

 
  class Exchange-CAS-HTTPS
    loadbalance vip inservice
    loadbalance policy HTTPS
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 1601
    ssl-proxy server Exchange-CAS
  class Exchange-CAS-RPC
    loadbalance vip inservice
    loadbalance policy Exchange-CAS-RPC
    nat dynamic 1 vlan 1601
  class Exchange-OWA-REDIRECT
    loadbalance vip inservice
    loadbalance policy Exchange-OWA-REDIRECT


interface vlan 1601
  description Client_server
  ip address 10.128.194.7 255.255.255.128
  peer ip address 10.128.194.8 255.255.255.128
  access-group input all
  nat-pool 1 10.128.194.20 10.128.194.29 netmask 255.255.255.128 pat
  service-policy input vlan1601
  service-policy input mgmt-pm
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.128.194.4

Your prompt help will be appreciated.

Jorge Bejarano
Level 4

Hello Panda,

If you just need to redirect from HTTPS to HTTP, here is a sample configuration which I just configured, and it is working in my lab, as you can see below:

class-map match-any JORGE-SSL
  2 match virtual-address 10.198.16.126 tcp eq https

policy-map multi-match test
  class JORGE-SSL
    loadbalance vip inservice
    loadbalance policy REDIRECT-PM
    loadbalance vip icmp-reply
    nat dynamic 126 vlan 112
    ssl-proxy server JORGE-SSL-PROXY

ssl-proxy service JORGE-SSL-PROXY
  key JORGE-KEY
  cert JORGE-CERT
  chaingroup CHAIN-GROUP-JORGE

policy-map type loadbalance first-match REDIRECT-PM
  class class-default
    serverfarm REDIRECT-SERVERFARM

serverfarm redirect REDIRECT-SERVERFARM
  rserver REDIRECT-TO-HTTP
    inservice

rserver redirect REDIRECT-TO-HTTP
  webhost-redirection http://www.cisco.com 301
  inservice

ACE-71/Admin# show service-policy test class-map JORGE-SSL

Status     : ACTIVE
-----------------------------------------
Interface: vlan 112
  service-policy: test
    class: JORGE-SSL
      ssl-proxy server: JORGE-SSL-PROXY
      nat:
        nat dynamic 126 vlan 112
        curr conns       : 0         , hit count        : 0
        dropped conns    : 0
        client pkt count : 0         , client byte count: 0
        server pkt count : 0         , server byte count: 0
        conn-rate-limit      : 0         , drop-count : 0
        bandwidth-rate-limit : 0         , drop-count : 0
      loadbalance:
        L7 loadbalance policy: REDIRECT-PM
        VIP Route Metric     : 77
        VIP Route Advertise  : DISABLED
        VIP ICMP Reply       : ENABLED
        VIP State: INSERVICE
        curr conns       : 0         , hit count        : 3
        dropped conns    : 0
        client pkt count : 29        , client byte count: 2672
        server pkt count : 0         , server byte count: 0
        conn-rate-limit      : 0         , drop-count : 0
        bandwidth-rate-limit : 0         , drop-count : 0

ACE-71/Admin#

Hope this helps!!!

Jorge
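
An added example, not part of the reply above or of any Cisco tooling: a small Python audit that walks an ACE configuration from each VIP class carrying `ssl-proxy server` through its load-balance policy and redirect serverfarm, and reports every `webhost-redirection` target that sends TLS clients on to cleartext `http://`. The function names are hypothetical, and the input is a trimmed copy of the configuration in the reply.

```python
# Constructed input: trimmed copy of the reply's ACE configuration (runs offline).
ACE_CONFIG = """\
policy-map multi-match test
  class JORGE-SSL
    loadbalance policy REDIRECT-PM
    ssl-proxy server JORGE-SSL-PROXY
policy-map type loadbalance first-match REDIRECT-PM
  class class-default
    serverfarm REDIRECT-SERVERFARM
serverfarm redirect REDIRECT-SERVERFARM
  rserver REDIRECT-TO-HTTP
rserver redirect REDIRECT-TO-HTTP
  webhost-redirection http://www.cisco.com 301
"""

def parse_stanzas(text):
    """Map each top-level command (as a token tuple) to its indented child lines."""
    stanzas, body = {}, []
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            body = stanzas.setdefault(tuple(line.split()), [])
        else:
            body.append(line.split())
    return stanzas

def children(stanzas, prefix, name, keyword):
    """First argument of each `keyword` line in the stanza `<prefix> ... <name>`."""
    for head, body in stanzas.items():
        if head[:len(prefix)] == prefix and head[-1] == name:
            return [t[1] for t in body if t[0] == keyword and len(t) > 1]
    return []

def find_tls_downgrades(text):
    """Return (vip_class, url) for VIP classes with ssl-proxy that redirect to http://."""
    st, findings = parse_stanzas(text), []
    for body in [b for h, b in st.items() if h[:2] == ("policy-map", "multi-match")]:
        cls, tls, policies = None, set(), []
        for t in body:
            cls = t[1] if t[0] == "class" else cls
            if t[:2] == ["ssl-proxy", "server"]:
                tls.add(cls)          # this VIP class terminates TLS on the ACE
            if t[:2] == ["loadbalance", "policy"]:
                policies.append((cls, t[2]))
        for cls, pm in [p for p in policies if p[0] in tls]:
            for farm in children(st, ("policy-map", "type", "loadbalance"), pm, "serverfarm"):
                for rs in children(st, ("serverfarm", "redirect"), farm, "rserver"):
                    found = children(st, ("rserver", "redirect"), rs, "webhost-redirection")
                    findings += [(cls, u) for u in found if u.lower().startswith("http://")]
    return findings
```

The walk follows only `serverfarm` references inside the load-balance policy; `sticky-serverfarm` groups are not resolved.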
