
Using the CSM to setup a HTTPS session on non-standard ports?

sgonsalv
Level 1

Hi Guys,

One of our clients wants to set up an SSL connection on a non-standard SSL port, i.e. 4444 to begin with. Here the server handles the SSL encryption / decryption instead of the SSL module.

I've found the following config to work well:

    serverfarm FARM-MOBS-4444
     nat server
     no nat client
     predictor leastconns
     failaction purge
     real 130.194.12.81 4444
      inservice
     real 130.194.12.84 4444
      inservice
     probe MOBS-4444
    !
    sticky 108 netmask 255.255.255.255 timeout 60
    !
    vserver VMOBS-PROD-4444
     virtual 130.194.11.51 tcp https
     serverfarm FARM-MOBS-4444
     sticky 60 group 108
     persistent rebalance
     inservice
    !

With the above setup the CSM redirects the SSL connections (received on 443) to port 4444 on the server and maintains this for the duration of the session.

While the above setup works, is it possible to configure the VIP to use a HTTPS port other than 443 (which is default)? This would then allow for separate HTTPS paths to be set up on non-standard ports. I ask this since the client also wants to set up a HTTPS path on port 4443 as well.

Any ideas would be useful.

thanks

Sheldon

4 Replies

Martin Kyrc
Level 3

Hi Sheldon,

You can use a 'non standard' port for SSL termination. It works without problem.

regards,

martin

Hi Martin,

Do you mean using the SSL module to perform the encryption / decryption? If so I've tried this and it does work without an issue.

I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.

thanks

Sheldon

Hi Sheldon,

I thought of using a non-standard port (4443), where encryption/decryption is done on the real servers. The CSM only 'forwards' traffic to the real server (using nat/pat, because the vip and rserver ports are different - vip:4443/443, rserver:4444)

(btw: you can use non standard port with SSL termination on the SSL module too)

martin

Hi Martin,

I confused myself - yup it all works fine on the CSM now!

thanks

Sheldon
