ACE SSL Termination

Unanswered Question
Mar 22nd, 2007

Hello,


I've read the manual for SSL Termination.

I did not find any option for how I can control the secure and the nonsecure port. On CSS it was possible to do this in the ssl-server inside the ssl-proxy-list.

How can I change that on the ACE?


Sven



Syed Iftekhar Ahmed Thu, 03/22/2007 - 15:13

I think you are looking for port 81 that was used in CSS days to differentiate decrypted traffic coming back from the offloader from regular http traffic.

With ACE, there is no need to make this distinction anymore.

You just need two class maps for cleartext & Secure traffic.


Following is a sample config




*******************************************
rserver host Server03
  ip address 172.20.20.13
  inservice

rserver host Server04
  ip address 172.20.20.14
  inservice

serverfarm host APP-FARM
  rserver Server03
    inservice
  rserver Server04
    inservice

***********Clear text traffic ***********************
class-map match-all VIP-CLEAR
  2 match virtual-address 10.1.1.100 tcp eq http

policy-map type loadbalance first-match APP-POLICY
  class class-default
    serverfarm APP-FARM

************* Secure traffic************************
class-map match-all VIP-SECURE
  2 match virtual-address 10.1.1.100 tcp eq https

policy-map type loadbalance first-match SSL-APP-POLICY
  class class-default
    serverfarm APP-FARM

****************************************
policy-map multi-match client-vips
  class VIP-CLEAR
    loadbalance vip inservice
    loadbalance policy APP-POLICY
    loadbalance vip icmp-reply active
  class VIP-SECURE
    loadbalance vip inservice
    loadbalance policy SSL-APP-POLICY
    loadbalance vip icmp-reply active
    ssl-proxy server app-ssl <-- use ssl proxy service for ssl offload

**************************************************
ssl-proxy service app-ssl
  key app-key
  cert app-cert



Hope it helps

Syed Iftekhar Ahmed
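
An added example, not part of the original reply and not Cisco tooling: a small Python check that parses a configuration shaped like the sample above and reports, for each VIP class map, whether an ssl-proxy service is attached in the multi-match policy and whether that service defines both a key and a cert. The function name `audit` and the condensed sample input are assumptions made for this illustration.

```python
import re

# Constructed input: the sample configuration from the answer, condensed.
SAMPLE = """\
class-map match-all VIP-CLEAR
  2 match virtual-address 10.1.1.100 tcp eq http
class-map match-all VIP-SECURE
  2 match virtual-address 10.1.1.100 tcp eq https
policy-map multi-match client-vips
  class VIP-CLEAR
    loadbalance policy APP-POLICY
  class VIP-SECURE
    loadbalance policy SSL-APP-POLICY
    ssl-proxy server app-ssl
ssl-proxy service app-ssl
  key app-key
  cert app-cert
"""

def audit(config):
    """Map each VIP class to its address, attached ssl-proxy service and findings."""
    vips, attached, services = {}, {}, {}
    cmap = cls = svc = None
    multi = False  # True while inside a "policy-map multi-match" block
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"class-map \S+ (\S+)$", line):
            cmap, cls, svc, multi = m[1], None, None, False
        elif cmap and (m := re.match(r"\d+ match virtual-address (\S+) tcp eq (\S+)", line)):
            vips[cmap] = (m[1], m[2])
        elif line.startswith("policy-map "):
            cmap, cls, svc, multi = None, None, None, " multi-match " in line
        elif m := re.match(r"ssl-proxy service (\S+)$", line):
            cmap, cls, svc, multi = None, None, m[1], False
            services[svc] = set()
        elif m := re.match(r"class (\S+)$", line):
            cls = m[1] if multi else None  # only VIP classes in the multi-match policy
        elif cls and (m := re.match(r"ssl-proxy server (\S+)", line)):
            attached[cls] = m[1]
        elif svc and (m := re.match(r"(key|cert) \S+", line)):
            services[svc].add(m[1])
    report = {}
    for name, (ip, port) in vips.items():
        proxy, findings = attached.get(name), []
        if port in ("https", "443") and not proxy:
            findings.append("HTTPS VIP without ssl-proxy server")
        if proxy and services.get(proxy, set()) != {"key", "cert"}:
            findings.append("ssl-proxy service missing key or cert")
        report[name] = {"vip": f"{ip}:{port}", "ssl_proxy": proxy, "findings": findings}
    return report
```

The parser keys on the commands themselves rather than on indentation, so it also accepts the configuration as it appears in a flat paste.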
