Cisco ACE backend communication
12-23-2010 08:57 AM
We are performing SSL overloading in Cisco ACE 4710.
443 from client to load balancer, then 80 on the backend, which works fine. However, when I change the backend to 8080 I get to the initial screen but everything after breaks.
It seems to be something with 443: if I configure the front end to talk port 81 and backend 8080 all works, but as soon as the front end is changed to 443 I get to the first page, then everything after breaks.
12-23-2010 10:48 AM
Hi Networker,
Kindly use the following command:
ssl url rewrite location expression [sslport number1] [clearport number2]
In your case:
CLIENT -----> ACE = port 443 = sslport
ACE --------> Server = port 8080=clearport
Suppose you are specifying SSL URL rewrite for the URL www.cisco.com or www.cisco.net using the default SSL port of 443 and a clear port of 8080,
Then enter:
host1/Admin(config-actlist-mod)# ssl url rewrite location www\.cisco\.* sslport 443 clearport 8080
In the above example, the ACE attempts to perform the following tasks:
1. Match all HTTP redirects to http://www.cisco.com:8080 or http://www.cisco.net:8080
2. Rewrite the HTTP redirects as https://www.cisco.com:443 or https://www.cisco.net:443
3. Forward the HTTP redirects to the client
After you enter the ssl url rewrite command, associate the action list with a Layer 3 and Layer 4 policy map.
Check the URL for your reference:
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/actnlist.html#wp1041777
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_1_0/command/reference/actnlist.html#wp1050875
HTH
Sachin Garg
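A model of the three rewrite steps listed in the reply above, useful for checking which backend redirects would otherwise send a client from HTTPS to the clear-text port. This is an added example, not part of the original posts and not Cisco's implementation; the Python regex `www\.cisco\.(com|net)`, the function names and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed Python equivalent of the host expression; ACE's own regex syntax differs.
HOST_PATTERN = r"www\.cisco\.(com|net)"

def rewrite_location(location, host_pattern, sslport=443, clearport=80):
    """Return the Location value the client should receive after the rewrite."""
    parts = urlsplit(location)
    if parts.scheme != "http" or parts.hostname is None:
        return location              # relative or already https: nothing to do
    port = parts.port or 80          # http:// with no explicit port means 80
    if port != clearport or not re.fullmatch(host_pattern, parts.hostname):
        return location              # other port or other host: pass through
    netloc = f"{parts.hostname}:{sslport}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def rewrite_headers(headers, host_pattern, sslport, clearport):
    """Rewrite only Location headers in a list of (name, value) pairs."""
    return [
        (name, rewrite_location(value, host_pattern, sslport, clearport))
        if name.lower() == "location" else (name, value)
        for name, value in headers
    ]

def leaking_redirects(locations, host_pattern, sslport, clearport):
    """List redirects that still point at clear-text http after the rewrite."""
    out = [rewrite_location(l, host_pattern, sslport, clearport) for l in locations]
    return [l for l in out if urlsplit(l).scheme == "http"]

if __name__ == "__main__":
    # Constructed backend response, as a server on port 8080 might send it.
    sample = [("Server", "example"),
              ("Location", "http://www.cisco.com:8080/app/home?x=1")]
    for name, value in rewrite_headers(sample, HOST_PATTERN, 443, 8080):
        print(f"{name}: {value}")
    # Constructed redirects: only hosts/ports outside the rule stay on http.
    print(leaking_redirects(["http://www.cisco.net:8080/",
                             "http://www.cisco.com/login",
                             "/relative/path"], HOST_PATTERN, 443, 8080))
```

Redirects that `leaking_redirects` reports are the ones a rule with these ports and this host expression would not cover.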
12-23-2010 11:19 AM
Thanks, I configured this and I can now get in, but if I do a "show action-list" I see the ACT_SSLLIST but no entries against the various fields. But I can now log in. One other thing: I keep getting kicked out frequently, even when I am working.
12-23-2010 11:34 AM
Try running the command:
show action-list ACT_SSLLIST
Also, could you share your config so that I can see if something is missing, so as to provide a fix for getting kicked off frequently?
Kindly rate if you find my previous post helpful or informative.
HTH
Sachin Garg
