CSS11506 - SSL termination

Unanswered Question
May 11th, 2007
User Badges:

So still terminating 2 ssl websites on CSS, with http connections to the backend servers. Do I need to also add an http content rule for the CSS to backend server connections in addition to the SSL content rule ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Gilles Dufour Tue, 05/15/2007 - 04:24
User Badges:
  • Cisco Employee,

if you want to loadbalance on the backend side, you need an http content rule to catch the decrypted traffic from the internal ssl module.

So, when configuring the ssl cipher, you have to specify the ip and port where to send the decrypted traffic. This can be the server ip directly or it can also be a content rule on the CSS.

If you specific a vip:port you can then apply normal content rule features like loadbalancing but also cookie styckiness, ...

This is the recommended solution.



This Discussion