Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
3
Replies

HTTPS ans SSL with CSS (No SSL Module)

Go to solution
tevfik
Level 1
Level 1

‎06-27-2006 11:34 PM

Hi,

My customers have two server and need to load balance.

These servers initiate SSL.

and VIP address is :

https://erpappl.erp.mis.blabla.tgc:8005

My CSS has no ssl module. An dconfiguration is:

service venice

ip address 10.200.104.32

protocol tcp

port 8005

keepalive type tcp

keepalive port 8005

redundant-index 120

active

service calgary

ip address 10.200.104.33

protocol tcp

port 8005

keepalive type tcp

keepalive port 8005

redundant-index 121

active

owner ERPAPPL

content erpapp_test

add service venice

add service calgary

redundant-index 60

vip address 10.200.104.28

protocol tcp

port 8005

url "/*"

arrowpoint-cookie expiration 00:00:03:00

advanced-balance arrowpoint-cookie

application ssl

active

After this configuration I cannot reach the URL shown above.

Can you help me?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎06-28-2006 12:01 AM

if this is encrypted traffic [HTTPS] the CSS can't see the content of the packet.

So the CSS can't see the url [-> so the command url "/*" is incorrtect and should be removed] and the CSS can't see cookies [so the arrowpoint-cookie command is wrong and should be removed].

If we sell an SSL module, there is a reason :-)

The only sticky option you can use are :

- sticky based on srcip

- sticky on sslid

The first option [srcip] has a problem with mega proxy [many users being nated with the same ip] and the 2nd option has the problem that it only works with SSLV2 and that some browsers do not use the sslid.

Gilles.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎06-28-2006 12:01 AM

if this is encrypted traffic [HTTPS] the CSS can't see the content of the packet.

So the CSS can't see the url [-> so the command url "/*" is incorrtect and should be removed] and the CSS can't see cookies [so the arrowpoint-cookie command is wrong and should be removed].

If we sell an SSL module, there is a reason :-)

The only sticky option you can use are :

- sticky based on srcip

- sticky on sslid

The first option [srcip] has a problem with mega proxy [many users being nated with the same ip] and the 2nd option has the problem that it only works with SSLV2 and that some browsers do not use the sslid.

Gilles.

0 Helpful

Go to solution
tevfik
Level 1
Level 1
In response to Gilles Dufour

‎06-28-2006 12:11 AM

Thanks for reply,

I start from first option :-)

Changing configuration became like this:

content erpapp_test

add service venice

add service calgary

redundant-index 60

vip address 10.200.104.28

protocol tcp

port 8005

advanced-balance sticky-srcip

active

But I still cannot reach the https://10.200.104.28:85 web page.

Is there any mistake?

P.S . How can add (- sticky on sslid ) row ?

0 Helpful

Go to solution
tevfik
Level 1
Level 1
In response to tevfik

‎06-28-2006 03:28 AM

Hi,

I found the problem.

A mistake configuration in group part.

I used add service instead of add destination service.

I changed now it works.

Thanks

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card