CSS Internal server initiate in clear text then encrypt to host

markjwalmsley
Level 1

Hi

This may be difficult to explain but I will try.

I have numerous HTTPS clients coming into a VIP, hitting a 443 content rule on port 443, hitting the SSL module etc., then they are load balanced to one of three servers on port 81. Now, say one of the 3 servers has to initiate a separate connection to the host it's currently talking to, but from a different port, say 8080 from the server, and I want it to talk SSL back to the same host on 443. Is this possible? When the host replies on 443, won't there be some confusion when it hits the 443 content rule and SSL module, because of the port 81 services configured?

The only examples that seem to come close are back-end server initiation, but it seems that you have to specify an IP address. I would not have any way of specifying an IP, as it could be any one of a few hundred clients.

Can anyone help?

Sorry if this is difficult to understand and please ask me to clarify if necessary.

Thanks for your help.

Kind regards

Mark.

2 Replies

Gilles Dufour
Cisco Employee

If the application requires a connection to be opened back to the client, can't you set up the application to use SSL instead of HTTP?

Indeed, the only option is SSL Initiation, but it requires knowing the destination address.

Telling you this will probably not help you, but I'd like to say that this kind of application, opening a connection from the server to the client, is very weird.

What if, like most clients, it is behind a firewall or running the integrated Windows firewall? The firewall will most probably block the connection from your server.

Can't you design the application differently and let the client open a 2nd connection with the server in HTTPS?

Gilles.

Thanks Gilles,

Many people have said that this is weird. It seems like it's an afterthought, as much of the work for this project was finished some time ago, then this request suddenly popped up. I think you're right, and I'm going to question this and try to get the app rewritten, which is probably what they are trying to avoid anyway.

Cheers.

Mark.
