Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3128
Views
0
Helpful
7
Replies

https to http redirect

alex.goldstein
Level 1
Level 1

‎11-05-2002 07:31 AM

Can you redirect from https to http? I got redirection to work the other way fine. I reversed the configuration and it did'nt like it. Am I missing something?

Labels:
0 Helpful
7 Replies 7

pknoops
Level 3
Level 3

‎11-05-2002 07:48 AM

Alex,

I have never tried this, but assuming the only thing that would be unique in this senario is the VIP address to redirect on, you could probably configure a rule like this.

content pete

vip address 154.1.1.1

protocol tcp

port 443

redirect "http://this.is.a.test.com"

active

This assumes that you want to redirect all traffic coming in 443 to this vip and send the redirect back to the client.

Regards

Pete..

0 Helpful

RHLloydBGF
Level 1
Level 1

‎11-15-2002 09:24 AM

Apparently not. If you look at

http://www.cisco.com/warp/public/117/css_persistence_http.html

It states

Because of limitations in the CSS 11000, redirects only can be sent from HTTP (Port 80) to HTTP or from HTTP to HTTPS (Port 443). If there is a requirement to send a redirect from Secure Hypertext Transfer Protocol (HTTPS), then the redirect must be sent from the Web server.

Hope it helps.

0 Helpful

Kapil Atrish
Level 3
Level 3
In response to RHLloydBGF

‎09-02-2010 12:40 AM

Hi,


Did you find any solution to this? I have a similar requirement to convert HTTPS requests to HTTP and send to my UCCX server. Any idea ASA/CSM or any third party device can do it or not?

Thanks,

inner_silence

0 Helpful

litrenta
Level 3
Level 3

‎09-02-2010 05:53 AM

You cannot do this unless you are terminating SSL on the CSS with an SSL card.Here is why:

when client connects on port 443 it sends a client hello and expects server hello back. So redirect cannot happen if ssl is not terminated on the CSS because ssl will not be negotiated as the client is expecting.

If you have the ssl card on the css and can terminate ssl on the CSS then you can do the redirection. For ssl termination configuration (again only if you have the hardware see:


http://tools.cisco.com/squish/c5c23

0 Helpful

jojsanto
Level 1
Level 1
In response to litrenta

‎01-13-2011 04:15 AM

Hi Guys,

Good day to everyone. I would just like to ask if this is applicable to ASA 5500 appliances too?

Thanks in advance.

Jojo Santos

0 Helpful

pablo.nxh
Level 3
Level 3
In response to jojsanto

‎01-13-2011 09:22 AM

Hi Jojo,

ASA can't do SSL termination as CSS/CSM-S/ACE do. The most similar feature I think would be WebVPN but this

is  unable to provide a decrypted data stream so not even close to the SSL offloading possibilites that LB products can offer you.

HTH

__ __

Pablo

0 Helpful

kp75
Level 1
Level 1
In response to jojsanto

‎01-13-2011 09:28 AM

You cannot do SSL termination on an ASA, because thats not its function, but as someone else mentioned you should be able to do an https

->http redirect on an ACE (or CSS) so long as you have the cert and key installed on the load balancer.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card