HTTPS Probe on ACE

jason.williams
Level 1

We have some web servers behind our ACE that use SSL certificates that are issued by an internal CA.

Do I need to do anything special in order to probe HTTPS?  Does the ACE need the internal CA to be trusted?

Thanks.

Jason

1 Reply

kitanaka
Level 1

Hi,

If the HTTPS server is working properly, all you need to do is configure an HTTPS probe on the ACE as shown below.

You do not have to do anything related to certificates on the ACE side.

ACE-A327/context02# show running-config
Generating configuration....

probe https HTTPS
  interval 15
  passdetect interval 60
  ssl version all
  expect status 200 200
  open 1

rserver host S1
  ip address 10.1.142.209
  inservice


serverfarm host SF
  probe HTTPS
  rserver S1
    inservice

interface vlan 11
  ip address 10.1.142.1 255.255.255.0
  no shutdown

ACE-A327/context02# show probe detail

probe       : HTTPS
type        : HTTPS
state       : ACTIVE
description :
----------------------------------------------
   port      : 443     address     : 0.0.0.0         addr type  : -          
   interval  : 15      pass intvl  : 60              pass count : 3   
   fail count: 3       recv timeout: 10  
   SSL version      : All
   SSL cipher       : RSA_ANY
   http method      : GET
   http url         : /
   conn termination : GRACEFUL 
   expect offset    : 0         , open timeout     : 1        
   regex cache-len  : 0        
   expect regex     : -
   send data        : -
                ------------------ probe results ------------------
   associations ip-address      port  porttype probes   failed   passed   health

   ------------ ---------------+-----+--------+--------+--------+--------+------

   serverfarm  : SF
     real      : S1[0]
                10.1.142.209    443   DEFAULT  11       0        11       SUCCESS

   Socket state        : CLOSED
   No. Passed states   : 0         No. Failed states : 0
   No. Probes skipped  : 0         Last status code  : 200
   No. Out of Sockets  : 0         No. Internal error: 0
   Last disconnect err :  -
   Last probe time     : Thu Apr 14 17:34:02 2011
   Last fail time      : Thu Apr 14 17:30:42 2011
   Last active time    : Thu Apr 14 17:30:44 2011

ACE-A327/context02#

Additionally, you can specify the cipher in the client hello, and you can also select the SSL/TLS version.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1162289

If you find this helpful, please rate this topic.

Regards,

Kim.
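
An added example, not part of the original thread and not Cisco tooling: a small Python parser for the `show probe detail` output quoted in the reply. It reports the probe's SSL settings that are still at `All` / `RSA_ANY` (the two options the reply says can be specified) and any real server whose probe is not passing. The function names and the abridged sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: abridged from the `show probe detail` output in the
# reply above, with the wrapped health column joined onto one line.
SAMPLE = """\
probe       : HTTPS
type        : HTTPS
state       : ACTIVE
   port      : 443     address     : 0.0.0.0         addr type  : -
   fail count: 3       recv timeout: 10
   SSL version      : All
   SSL cipher       : RSA_ANY
   serverfarm  : SF
     real      : S1[0]
                10.1.142.209    443   DEFAULT  11       0        11       SUCCESS
   No. Probes skipped  : 0         Last status code  : 200
"""

KV = re.compile(r"([A-Za-z][\w. ]*?)\s*:\s*(\S+)")
ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+)\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")

def parse_probe_detail(text):
    """Return (settings dict, list of per-real-server result rows)."""
    settings, rows = {}, []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, port, probes, failed, passed, health = m.groups()
            rows.append({"ip": ip, "port": int(port), "probes": int(probes),
                         "failed": int(failed), "passed": int(passed), "health": health})
        else:
            # Several "key : value" pairs can share one line.
            for key, value in KV.findall(line):
                settings[key.strip().lower()] = value
    return settings, rows

def review(settings, rows):
    """List settings left unpinned and real servers that are not healthy."""
    notes = []
    if settings.get("ssl version", "").lower() == "all":
        notes.append("ssl version: All (no protocol version selected)")
    if settings.get("ssl cipher") == "RSA_ANY":
        notes.append("ssl cipher: RSA_ANY (no specific cipher selected)")
    for r in rows:
        if r["health"] != "SUCCESS" or r["failed"]:
            notes.append(f"{r['ip']}:{r['port']} health={r['health']} failed={r['failed']}")
    return notes
```
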
