ACE SSL Termination

Unanswered Question
Mar 22nd, 2007
User Badges:


i've read the Manual for SSL Termination.

I did not find any Option, how i can control the Secure and the nonsecure Port. On CSS it was possible to do this in the ssl-server inside the ssl-proxy-list.

How can i change that on the ACE?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Syed Iftekhar Ahmed Thu, 03/22/2007 - 15:13
User Badges:
  • Blue, 1500 points or more

I think are looking for port 81 that was used in CSS days to

differentiate decrypted traffic coming back from the offloader from regular http traffic.

With ACE, there is no need to make this distinction anymore.

You just need two class maps for cleartext & Secure traffic.

Following is a sample config


rserver host Server03

ip address


rserver host Server04

ip address


serverfarm host APP-FARM

rserver Server03


rserver Server04


***********Clear text traffic ***********************

class-map match-all VIP-CLEAR

2 match virtual-address tcp eq http

policy-map type loadbalance first-match APP-POLICY

class class-default

serverfarm APP-FARM

************* Secure traffic************************

class-map match-all VIP-SECURE

2 match virtual-address tcp eq https

policy-map type loadbalance first-match SSL-APP-POLICY

class class-default

serverfarm APP-FARM


policy-map multi-match client-vips


loadbalance vip inservice

loadbalance policy APP-POLICY

loadbalance vip icmp-reply active


loadbalance vip inservice

loadbalance policy SSL-APP-POLICY

loadbalance vip icmp-reply active

ssl-proxy server app-ssl <-- use ssl proxy service for ssl offload


ssl-proxy service app-ssl

key app-key

cert app-cert

Hope it helps

Syed Iftekhar Ahmed


This Discussion