Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1835
Views
0
Helpful
1
Replies

ACE30 Stickiness Options

Daniel Anderson
Level 1
Level 1

‎02-11-2014 05:17 AM

Hi,

We currently have a VIP that resides on an ACE30, listening on Port 443. Clients are connecting to the VIP through a https browser session, with the VIP simply forwarding the request on the rservers on the same port. From a stickiness perspective, we currently have it configured based on the SSL Session-ID, which I'm not entirely convinced is working fully as we expect it to.

Based on the above configuration with the ACE not having any visibility of the incoming 443 connectivity do we have any stickiness options outside of using SSL Session-ID.  Unfortunately, all the clients connecting to us are coming through a Single NAT address, so we're not able to base it configured on Source IP either.

I don't have experience with any other stickiness configurations, so just wanted to reach out to see what experiences others have had.

TIA

Dan

Labels:
0 Helpful
1 Reply 1

Srinivasan Aylur Narayanan
Cisco Employee
Cisco Employee

‎02-11-2014 06:41 AM

Hi Daniel,

You could refer to the following link

http://www.cisco.com/c/en/us/support/docs/interfaces-modules/ace-application-control-engine-module/107401-ace-end2end.html

It gives the example configuration for achieving  both SSL end to end solution and stickyness using cookie insert

Here ACE does decryption for the 443 traffic using loaded key and certificate. Then, the traffic will be encrypted again and sent to the rservers in cipher text  and persistence rebalance is also required to look for the layer 7 information in each and every request and then load balance


0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card