cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3132
Views
0
Helpful
7
Replies

https to http redirect

alex.goldstein
Level 1
Level 1

Can you redirect from https to http? I got redirection to work the other way fine. I reversed the configuration and it did'nt like it. Am I missing something?

7 Replies 7

pknoops
Level 3
Level 3

Alex,

I have never tried this, but assuming the only thing that would be unique in this senario is the VIP address to redirect on, you could probably configure a rule like this.

content pete

vip address 154.1.1.1

protocol tcp

port 443

redirect "http://this.is.a.test.com"

active

This assumes that you want to redirect all traffic coming in 443 to this vip and send the redirect back to the client.

Regards

Pete..

RHLloydBGF
Level 1
Level 1

Apparently not. If you look at

http://www.cisco.com/warp/public/117/css_persistence_http.html

It states

Because of limitations in the CSS 11000, redirects only can be sent from HTTP (Port 80) to HTTP or from HTTP to HTTPS (Port 443). If there is a requirement to send a redirect from Secure Hypertext Transfer Protocol (HTTPS), then the redirect must be sent from the Web server.

Hope it helps.

Hi,


Did you find any solution to this? I have a similar requirement to convert HTTPS requests to HTTP and send to my UCCX server. Any idea ASA/CSM or any third party device can do it or not?

Thanks,

inner_silence

litrenta
Level 3
Level 3

You cannot do this unless you are terminating SSL on the CSS with an SSL card.Here is why:

when client connects on port 443 it sends a client hello and expects server hello back. So redirect cannot happen if ssl is not terminated on the CSS because ssl will not be negotiated as the client is expecting.

If you have the ssl card on the css and can terminate ssl on the CSS then you can do the redirection. For ssl termination configuration (again only if you have the hardware see:


http://tools.cisco.com/squish/c5c23

Hi Guys,

Good day to everyone. I would just like to ask if this is applicable to ASA 5500 appliances too?

Thanks in advance.

Jojo Santos

Hi Jojo,

ASA can't do SSL termination as CSS/CSM-S/ACE do. The most similar feature I think would be WebVPN but this

is  unable to provide a decrypted data stream so not even close to the SSL offloading possibilites that LB products can offer you.

HTH

__ __

Pablo

You cannot do SSL termination on an ASA, because thats not its function, but as someone else mentioned you should be able to do an https

->http redirect on an ACE (or CSS) so long as you have the cert and key installed on the load balancer.

Review Cisco Networking for a $25 gift card