SSL VIP and Service subnet considerations.

Answered Question
Apr 24th, 2007
User Badges:

Hi,


In the past when configuring an 11501 for use with http load balancing I was able to have the VIP and the Service IPs in the same subnet.


I now have an SSL module and would like to continue that form of usage, Ie. http and ssl VIPs are in the same subnet as the service servers. Is this possible?


I have not seen any docs to explicitly say it is not possible and http examples here on cisco.com repeatedly show http load balance setup this way, but all SSL examples show the VIP in a different subnet.


I am mainly trying to save myself work, because I already have a simple firewall design going...basically just inside and outside, and would like to avoid needing to add a DMZ to allow this as only a choice few servers in my farm will go through the CSS for service. I would like to keep all servers in the same subnet if possible. Thanks...


Correct Answer by Syed Iftekhar Ahmed about 10 years 2 months ago


Yes both secure (https) and clear text VIPs (Http) can be in same subnet.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
Syed Iftekhar Ahmed Tue, 04/24/2007 - 17:44
User Badges:
  • Blue, 1500 points or more


Yes both secure (https) and clear text VIPs (Http) can be in same subnet.



geolearning Tue, 04/24/2007 - 18:26
User Badges:

Thank you,


I suspected that would be the case, but could find no corroborating evidence in examples. This will save me a good amount of work! :)

Actions

This Discussion