12-23-2010 08:57 AM
We are performing SSL overloading in Cisco ACE 4710.
443 from client to load balancer, then 80 on the backend, which works fine. However, when I change the backend to 8080 I get to the initial screen but everything after breaks.
It seems to be something with 443, as if I configure the front end to talk on port 81 and backend 8080 all works; as soon as the front end is changed to 443 I get to the first page, then everything after breaks.
12-23-2010 10:48 AM
Hi Networker,
Kindly use the following command:
ssl url rewrite location expression [sslport number1] [clearport number2]
As per your case:
CLIENT -----> ACE = port 443 = sslport
ACE --------> Server = port 8080 = clearport
Suppose you are specifying SSL URL rewrite for the URL www.cisco.com or www.cisco.net using the default SSL port of 443 and a clear port of 8080,
then enter:
host1/Admin(config-actlist-mod)# ssl url rewrite location www\.cisco\.* sslport 443 clearport 8080
In the above example, the ACE attempts to perform the following tasks:
1. Match all HTTP redirects to http://www.cisco.com:8080 or http://www.cisco.net:8080
2. Rewrite the HTTP redirects as https://www.cisco.com:443 or https://www.cisco.net:443
3. Forward the HTTP redirects to the client
After you enter the ssl url rewrite command, associate the action list with a Layer 3 and Layer 4 policy map.
Check the URL for your reference:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/actnlist.html#wp1041777
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_1_0/command/reference/actnlist.html#wp1050875
HTH
Sachin Garg
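Added example (not part of the thread and not Cisco's implementation): a simplified Python model of the Location rewrite described in the reply above, showing which backend redirects are rewritten to HTTPS and which are passed to the client unchanged. The function names, the Python regex form of the host expression and the sample redirects are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit


def rewrite_location(location, host_expr, sslport=443, clearport=80):
    """Rewrite an http:// redirect to a matching host on the clear port
    into an https:// redirect on the SSL port; leave everything else alone."""
    parts = urlsplit(location)
    # Relative redirects and redirects that are already https are untouched.
    if parts.scheme != "http" or not parts.hostname:
        return location
    try:
        # An http URL without an explicit port means port 80.
        port = parts.port if parts.port is not None else 80
    except ValueError:  # malformed port in the header value
        return location
    if port != clearport:
        return location
    if not re.fullmatch(host_expr, parts.hostname):
        return location
    netloc = f"{parts.hostname}:{sslport}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def rewrite_redirect(status, headers, host_expr, sslport=443, clearport=80):
    """Apply the rewrite to the Location header of a 3xx response only."""
    if not 300 <= status < 400:
        return list(headers)
    return [
        (name, rewrite_location(value, host_expr, sslport, clearport)
         if name.lower() == "location" else value)
        for name, value in headers
    ]


# Python-regex equivalent of the host expression (assumption, not ACE syntax).
HOST_EXPR = r"www\.cisco\..*"

if __name__ == "__main__":
    # Constructed backend response: the server redirects to its own clear port.
    backend = [("Location", "http://www.cisco.com:8080/login?next=/home"),
               ("Content-Length", "0")]
    # Rewrite configured with clearport 8080: client stays on HTTPS.
    print(rewrite_redirect(302, backend, HOST_EXPR, 443, 8080))
    # Rewrite left at clearport 80: the cleartext :8080 redirect reaches the client.
    print(rewrite_redirect(302, backend, HOST_EXPR, 443, 80))
```

The second call shows the case worth checking for in a capture: a redirect whose port does not equal the configured clear port is forwarded as-is, so the client is sent to a cleartext URL on a port the front end does not serve.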
12-23-2010 11:19 AM
Thanks, I configured this and I can now get in, but if I do a "show action-list" I see the ACT_SSLLIST but no entries against the various fields. But I can now log in. One other thing: I keep getting kicked out frequently even when I am working.
12-23-2010 11:34 AM
Try running the command:
show action-list ACT_SSLLIST
Also, could you share your config so that I can see if something is missing, so as to provide a fix for getting kicked off frequently?
Kindly rate if you find my previous post helpful or informative.
HTH
Sachin Garg