ACE SSL Termination

Sbutzek

Hello,

I've read the manual for SSL Termination.

I did not find any option for how I can control the secure and the nonsecure port. On CSS it was possible to do this in the ssl-server inside the ssl-proxy-list.

How can I change that on the ACE?

Sven


I think you are looking for port 81, which was used in CSS days to differentiate decrypted traffic coming back from the offloader from regular HTTP traffic.

With ACE, there is no need to make this distinction anymore.

You just need two class maps for cleartext & Secure traffic.

Following is a sample config

*******************************************

rserver host Server03
  ip address 172.20.20.13
  inservice
rserver host Server04
  ip address 172.20.20.14
  inservice

serverfarm host APP-FARM
  rserver Server03
    inservice
  rserver Server04
    inservice

***********Clear text traffic ***********************

class-map match-all VIP-CLEAR
  2 match virtual-address 10.1.1.100 tcp eq http

policy-map type loadbalance first-match APP-POLICY
  class class-default
    serverfarm APP-FARM

************* Secure traffic************************

class-map match-all VIP-SECURE
  2 match virtual-address 10.1.1.100 tcp eq https

policy-map type loadbalance first-match SSL-APP-POLICY
  class class-default
    serverfarm APP-FARM

****************************************

policy-map multi-match client-vips
  class VIP-CLEAR
    loadbalance vip inservice
    loadbalance policy APP-POLICY
    loadbalance vip icmp-reply active
  class VIP-SECURE
    loadbalance vip inservice
    loadbalance policy SSL-APP-POLICY
    loadbalance vip icmp-reply active
    ssl-proxy server app-ssl <-- use ssl proxy service for ssl offload

**************************************************

ssl-proxy service app-ssl
  key app-key
  cert app-cert

Hope it helps

Syed Iftekhar Ahmed
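
An added example, not part of the original reply: a small Python check that the wiring in the sample config holds, so that every https VIP class has an ssl-proxy server, no cleartext VIP class has one, and the referenced ssl-proxy service has both key and cert. The names `audit` and `SAMPLE` are hypothetical, and the parser assumes the config is indented so that each top-level command starts in column one.

```python
# Constructed sample: the VIP and SSL parts of the config in the reply above.
SAMPLE = """\
class-map match-all VIP-CLEAR
  2 match virtual-address 10.1.1.100 tcp eq http
class-map match-all VIP-SECURE
  2 match virtual-address 10.1.1.100 tcp eq https
policy-map multi-match client-vips
  class VIP-CLEAR
    loadbalance vip inservice
    loadbalance policy APP-POLICY
  class VIP-SECURE
    loadbalance vip inservice
    loadbalance policy SSL-APP-POLICY
    ssl-proxy server app-ssl
ssl-proxy service app-ssl
  key app-key
  cert app-cert
"""

def audit(config):
    """Return a list of findings about the SSL offload wiring (empty if clean)."""
    ports, proxies, services = {}, {}, {}
    block, cls = [""], None
    for raw in filter(str.strip, config.splitlines()):
        words = raw.split()
        if not raw[0].isspace():              # unindented line opens a new block
            block, cls = words, None
            if words[:2] == ["ssl-proxy", "service"]:
                services[words[2]] = set()
        elif block[0] == "class-map" and "virtual-address" in words and "eq" in words:
            ports[block[-1]] = words[words.index("eq") + 1]   # port the VIP matches
        elif block[:2] == ["policy-map", "multi-match"]:
            if words[0] == "class":
                cls = words[1]
                proxies.setdefault(cls, None)
            elif words[:2] == ["ssl-proxy", "server"] and cls:
                proxies[cls] = words[2]       # SSL offload attached to this class
        elif block[:2] == ["ssl-proxy", "service"] and words[0] in ("key", "cert"):
            services[block[2]].add(words[0])
    findings = []
    for cls, proxy in proxies.items():
        secure = ports.get(cls) in ("https", "443")
        if secure and proxy is None:
            findings.append(f"{cls}: matches https but has no ssl-proxy server")
        if not secure and proxy:
            findings.append(f"{cls}: ssl-proxy server on a non-https VIP")
        if proxy and services.get(proxy) != {"key", "cert"}:
            findings.append(f"{proxy}: ssl-proxy service missing key or cert")
    return findings
```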
