04-14-2015 12:35 PM
Hi,
We have a requirement to configure source IP session persistence for HTTPS connections (port 443) on the ACE running A5(3.1). The real servers are listening on port 443 as well. Will we need to terminate these HTTPS sessions on the ACE?
thanks.
04-16-2015 05:21 AM
Hi,
Your requirement is termed as End-to-End SSL termination. For IP persistence, you just need to add sticky servers and
End To End SSL: http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Configuration_Examples_--_SSL_Configuration_Examples#Simplified_End-to-End_SSL_Configuration_Example
With Sticky: http://www.cisco.com/c/en/us/support/docs/interfaces-modules/ace-application-control-engine-module/107401-ace-end2end.html
Hope that helps.
BR,
Abhi
04-17-2015 10:24 AM
Hi,
If the requirement is just to have source based persistence then you don't need SSL to be terminated unless you want to. Even without SSL termination, you can have source based sticky. Anything above that would be encrypted and if L7 based sticky is required then you need end to end ssl in your scenario.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: