Config SSL on Cisco ACE 4710

alkabeer80
Level 1

Hi,

This is the first time I am configuring Cisco ACE for SSL offloading; I need help in accomplishing this task.

I have a router outside which NATs the public IP to the VIP on the ACE. I want to configure SSL offloading on the ACE, and after the ACE the traffic should pass as clear text on port 80.

I have purchased a public certificate and installed it on the ACE; the internal server is not yet ready.

How can I verify my config? Is this correct? First, I don't want to apply any filter or any L7 inspection.

How can I test it before the server is ready?

rserver host Host1
  ip address 1.1.1.1
  conn-limit max 4000000 min 4000000
  probe HTTP
  inservice


serverfarm host SF1
  probe HTTP
  rserver Host1
    conn-limit max 4000000 min 4000000
    inservice


sticky ip-netmask 255.255.255.255 address source STICKY
  timeout 60
  timeout activeconns
  serverfarm SF1

ssl-proxy service ID1
  key KEY1.PEM
  cert ID1.pem
  chaingroup ID

class-map match-all VIP_ID
  2 match virtual-address 1.1.1.2 tcp eq https

policy-map type loadbalance first-match VIP_ID-l7slb
  class class-default
    sticky-serverfarm STICKY

policy-map multi-match Client-side-VIP
  class VIP_ID
    loadbalance vip inservice
    loadbalance policy VIP_ID-l7slb
    nat dynamic 2 vlan 11
    ssl-proxy server ID1

show crypto certificate all

ID1.pem:
Subject: /serialNumber=***********
Issuer: *******
Not Before: Nov 20 08:33:55 2013 GMT
Not After: Nov 21 10:53:19 2016 GMT
CA Cert: FALSE

3 Replies

Kanwaljeet Singh
Cisco Employee