Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
952
Views
0
Helpful
3
Replies

Cisco ACE backend communication

networker99
Level 1
Level 1

‎12-23-2010 08:57 AM

We are performing SSL overloading in Cisco ACE 4710..

443 from client to load balancer then 80 on the backend.. which works fine, however when I change the backend to 8080 I get to the initial screen but everything after breaks,..

It seems to be something with 443 as if I configure the front end to talk port 81 and backend 8080 all works, as soon as the front end is changed to 443 I get to the first page then everything after breaks

Labels:
0 Helpful
3 Replies 3

sachinga.hcl
Level 4
Level 4

‎12-23-2010 10:48 AM

Hi Networker,

Kindly use the following command:

ssl url rewrite location expression [sslport number1] [clearport number2]

As per in your case:

CLIENT -----> ACE = port 443 = sslport

ACE --------> Server = port 8080=clearport

Suppose you are specifying SSL URL rewrite for the URL www.cisco.com or www.cisco.net using the default SSL port of 443 and a clear port of 8080,

Then enter:

host1/Admin(config-actlist-mod)# ssl url rewrite location www\.cisco\.* sslport 443 clearport 8080

In the above example, the ACE attempts to perform the following tasks:

1. Match all HTTP redirects to http://www.cisco.com:8080 or http://www.cisco.net:8080

2. Rewrite the HTTP redirects as https://www.cisco.com:443 or https://www.cisco.net:443

3. Forward the HTTP redirects to the client

After you enter the ssl url rewrite command, associate the action list with a Layer 3 and Layer 4 policy map.

Check the URL for your reference:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/actnlist.html#wp1041777http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA4_1_0/command/reference/actnlist.html#wp1050875

HTH

Sachin Garg

0 Helpful

networker99
Level 1
Level 1
In response to sachinga.hcl

‎12-23-2010 11:19 AM

thanks I configured this and I can now get in but if I do a "show action-list" I see the ACT_SSLLIST but no entries against the various fields.. but I can now log in.. one other thing i keep getting kicked out frequently even when I am working

0 Helpful

sachinga.hcl
Level 4
Level 4
In response to networker99

‎12-23-2010 11:34 AM

try run the command

show action-list ACT_SSLLIST

ALso could you share your config so that I can see if something missing so as to provide a fix from getting kicked off frequently.

Kindly rate if you find my previous post helpful or informative.

HTH

Sachin Garg

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Top