I think are looking for port 81 that was used in CSS days to
differentiate decrypted traffic coming back from the offloader from regular http traffic.
With ACE, there is no need to make this distinction anymore.
You just need two class maps for cleartext & Secure traffic.
Following is a sample config
*******************************************
rserver host Server03
ip address 172.20.20.13
inservice
rserver host Server04
ip address 172.20.20.14
inservice
serverfarm host APP-FARM
rserver Server03
inservice
rserver Server04
inservice
***********Clear text traffic ***********************
class-map match-all VIP-CLEAR
2 match virtual-address 10.1.1.100 tcp eq http
policy-map type loadbalance first-match APP-POLICY
class class-default
serverfarm APP-FARM
************* Secure traffic************************
class-map match-all VIP-SECURE
2 match virtual-address 10.1.1.100 tcp eq https
policy-map type loadbalance first-match SSL-APP-POLICY
class class-default
serverfarm APP-FARM
****************************************
policy-map multi-match client-vips
class VIP-CLEAR
loadbalance vip inservice
loadbalance policy APP-POLICY
loadbalance vip icmp-reply active
class VIP-SECURE
loadbalance vip inservice
loadbalance policy SSL-APP-POLICY
loadbalance vip icmp-reply active
ssl-proxy server app-ssl <-- use ssl proxy service for ssl offload
**************************************************
ssl-proxy service app-ssl
key app-key
cert app-cert
Hope it helps
Syed Iftekhar Ahmed