Redirect HTTP to HTTPS with SSL Termination

sandonen · ‎02-28-2005

I'm new to configuring CSS. I have been able to do simple load balancing, redirects and SSL, but I can’t' seem to get all three to work together. I have looked at all the docs I can find on Cisco's site, but I haven't found any good examples.

What I’m looking to do is have users redirect http traffic to https but terminate SSL traffic on the CSS device.

Any help would be appreciated

Thanks

Gilles Dufour · ‎03-01-2005

If you can do the 3 operations separately then you should be able to do this.

1.. create an HTTP vip to redirect the traffic to HTTPS.

2...create and HTTPS vip to catch the traffic and forward it to the SSL module for decryption.

3... create another HTTP vip to catch the decrypted traffic and loadbalance it.

Use the following doc for the ssl part

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00801aca4f.shtml

Replace in the doc '192.168.150.15 80' with your VIP and ie port 81 [don't use port 80 as it is used for redirecting user to HTTPS]

For the redirect use link

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a00801de8d6.shtml

In this doc, look for the service with the command 'domain' and 'no-prepend http'.

Replace 'www.cisco.com' with your own domain name.

If that does not work, please explain exactly what is not working.

Are your client redirected to HTTPS ?

Do you see hits on the HTTPS rule ?

Do you see hits on the HTTP81 rule ?

Use 'show summary' to verify this.

Regards,

Gilles.