Hi,
This is the first time i am configuring cisco ACE for SSL offloading, i need help in accomplish this task.
i have router outside which nat public ip to vip on ace. i want to configure ssl offloading on ace and after ACE traffic to pass as clear text port 80.
i have purchased public certifcate and install it on ACE, internal server is not yet ready .
How i can verify my config. , Is this correct , first i dont want to apply any filter or any L7 inspection ?
How to test it before the server is ready ?
rserver host Host1
ip address 1.1.1.1
conn-limit max 4000000 min 4000000
probe HTTP
inservic
serverfarm host SF1
probe HTTP
rserver Host1
conn-limit max 4000000 min 4000000
inservice
sticky ip-netmask 255.255.255.255 address source STICKY
timeout 60
timeout activeconns
serverfarm SF1
ssl-proxy service ID1
key KEY1.PEM
cert ID1.pem
chaingroup ID
class-map match-all VIP_ID
2 match virtual-address 1.1.1.2 tcp eq https
policy-map type loadbalance first-match VIP_ID-l7slb
class class-default
sticky-serverfarm STICKY
policy-map multi-match Client-side-VIP
class VIP_ID
loadbalance vip inservice
loadbalance policy VIP_ID-l7slb
nat dynamic 2 vlan 11
ssl-proxy server ID1
show crypto certificate all
ID1.pem:
Subject: /serialNumber=***********
Issuer: *******
Not Before: Nov 20 08:33:55 2013 GMT
Not After: Nov 21 10:53:19 2016 GMT
CA Cert: FALSE