04-24-2009 04:01 PM
Folks
What will be equivalent config from CSS to ACE for the following config:
ssl-server 72 cipher rsa-with-rc4-128-md5 12.12.12.12 81
ssl-server 72 vip address 12.167.24.187
ssl-server 72 rsakey turnleafkey
ssl-server 72 rsacert turnleafstar1
ssl-server 72 cipher rsa-with-rc4-128-md5 12.12.12.12 81
service 12.12.12.12-redirect
ip address 42.42.42.42
keepalive type none
type redirect
no prepend-http
domain "https://testing.com"
active
content 12.12.12.12-443
vip address 12.12.12.12
port 443
protocol tcp
add service ssl_module1
active
content 12.12.12.12-81
vip address 12.12.12.12
port 81
protocol tcp
balance leastconn
advanced-balance sticky-srcip
add service host1-81
add service host2-81
add service host3-81
active
content 12.12.12.12-redirect
vip address 12.12.12.12
add service 12.12.12.12-redirect
protocol tcp
port 80
url "/*"
active
Thanks
04-26-2009 11:02 PM
Here is the result given by the CSS to ACE conversion tool available on the ACE Appliance. C4710.
Configuration commands for Admin context:
-----------------------------------------
resource-class RC1
limit-resource sticky minimum 10 maximum unlimited
context Admin
member RC1
interface gigabitEthernet 1/1
channel-group 10
no shutdown
interface gigabitEthernet 1/2
channel-group 10
no shutdown
interface gigabitEthernet 1/3
channel-group 10
no shutdown
interface gigabitEthernet 1/4
channel-group 10
no shutdown
interface port-channel 10
no shutdown
#interface gigabitEthernet 1/1
# no shutdown
Configuration commands for Admin context:
-----------------------------------------
access-list PERMIT_ALL extended permit ip any any
rserver redirect 12.12.12.12-redirect
inservice
webhost-redirection "https://testing.com"
serverfarm host 12.12.12.12-443
rserver ssl_module1
inservice
serverfarm host 12.12.12.12-81
predictor leastconns
rserver host1-81
inservice
rserver host2-81
inservice
rserver host3-81
inservice
serverfarm redirect 12.12.12.12-redirect
probe 12.12.12.12-redirect_PROBE
rserver 12.12.12.12-redirect
inservice
sticky ip-netmask 255.255.255.255 address source 12.12.12.12-81_STICKY
serverfarm 12.12.12.12-81
replicate sticky
parameter-map type http CASE_PARAM
case-insensitive
class-map type management match-any TO-CP-POLICY
match protocol icmp any
match protocol telnet any
match protocol snmp any
match protocol ssh any
class-map type http loadbalance match-any 12.12.12.12-redirect_CLASSURL
match http url "[.]*"
class-map match-all 12.12.12.12-81_CLASS
match virtual-address 12.12.12.12 tcp eq 81
class-map match-all 12.12.12.12-redirect_CLASS
match virtual-address 12.12.12.12 tcp eq 80
class-map match-all 12.12.12.12-443_CLASS
match virtual-address 12.12.12.12 tcp eq 443
policy-map type loadbalance first-match 12.12.12.12-81_POLICY
class class-default
sticky-serverfarm 12.12.12.12-81_STICKY
policy-map type loadbalance first-match 12.12.12.12-redirect_POLICY
class 12.12.12.12-redirect_CLASSURL
serverfarm 12.12.12.12-redirect
policy-map type loadbalance first-match 12.12.12.12-443_POLICY
class class-default
serverfarm 12.12.12.12-443
policy-map type management first-match TO-CP-POLICY
class TO-CP-POLICY
permit
policy-map multi-match POLICY
class 12.12.12.12-81_CLASS
appl-parameter http advanced-options CASE_PARAM
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy 12.12.12.12-81_POLICY
class 12.12.12.12-redirect_CLASS
appl-parameter http advanced-options CASE_PARAM
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy 12.12.12.12-redirect_POLICY
class 12.12.12.12-443_CLASS
appl-parameter http advanced-options CASE_PARAM
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy 12.12.12.12-443_POLICY
service-policy input TO-CP-POLICY
service-policy input POLICY
04-26-2009 11:06 PM
The output above is missing the ssl-proxy and has an error in the SSL policy.
Here is the correction
ssl-proxy MyProxy
key ...
cert ...
policy-map multi-match POLICY
class 12.12.12.12-443_CLASS
appl-parameter http advanced-options CASE_PARAM
loadbalance vip inservice
loadbalance vip icmp-reply active
loadbalance policy 12.12.12.12-81_POLICY
ssl-proxy server MyProxy
Gilles.
04-29-2009 05:42 PM
How did u define probe 12.12.12.12-redirect_PROBE in the config u gave? what are the values of probe 12.12.12.12-redirect_PROBE
04-30-2009 03:55 AM
Actually, we do not support probe for redirect rserver.
So, simply remove that probe..
G.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide