CSM - HTTP to HTTPS on same CSM

Unanswered Question
Aug 8th, 2007
User Badges:

Greetings all,

I have 2 challenges

1) redirect port 80 to 443 on same CSM

2) Allow 443 in directly to the same server that port 80 is being redirected to.


Essentially we have some sites that were converted to HTTPS, but there are legacy users who still have port 80 bookmarked.


I am getting confused with where the command redirect-vserver points. Most of the examples are for SiteA to SiteB connectivity - so you could assume the redirect-vserver points to a VIP on a different CSM (that would be easy).


My issue is that these all live on the same CSM. When I create a vserver TEST_443 tcp 443 and try to point the redirect-vserver to it, I get an error message:


% Virtual server TEST_443 is already configured as a Redirect vserver.


How do you perform same CSM TCP Port redirection is my question?


Also, to challenge #2 above, I also need to allow in 443 directly. This would normally be no big deal, but with the redirection, I am getting a bit confused.


Thanks for any and all replies.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 08/09/2007 - 12:41
User Badges:
  • Cisco Employee,

you can do it.

Just do not use the same name for the redirect-vserver and the vserver.


Gilles.

krebsedmc Thu, 08/09/2007 - 14:13
User Badges:

gdufour,


Thanks for replying, I tested in the Lab and everything is working.


Sometimes the stupid things kill you....


Thanks!!!!

config_raval Sun, 05/11/2008 - 13:13
User Badges:

I have exactly same scenario as Kenneth has described above. But I have CSM module without SSL daughter card. So, first I want to confirm that does CSM alone(without SSL daughter card) support HTTPS requsts? Can I connect servers listning at port 443(HTTPS port) to this CSM?

config_raval Mon, 05/12/2008 - 07:01
User Badges:


Here is the configuration I have created for this. Could someone verify that this can work for above mentioned scenario before I can implement this in production. (Unfortunatly No facility for Lab Check). Thanx in advance.


**CONFIGURATION FOR HTTPS**


serverfarm HTTPSFARM

nat server

no nat client

real 172.16.23.81 443

inservice

real 172.16.23.82 443

inservice

!

vserver HTTPSVIP

virtual 10.20.221.100 tcp 443

serverfarm HTTPSFARM

persistent rebalance

inservice

!

!

**CONFIGURATION FOR REDIRECTING HTTP to HTTPS**

!

map SPORTMAP url

match protocol http://gspme.com*

!

serverfarm REDIRECTFARM

nat server

no nat client

redirect-vserver HTTPSVIP

webhost relocation https://gspme.com 301

inservice

!

serverfarm HTTPFARM

nat server

no nat client

real 172.16.23.81

inservice

real 172.16.23.82

inservice

!

policy SPORTPOLICY

url-map SPORTMAP

serverfarm REDIRECTFARM

!

vserver HTTPVIP

virtual 10.20.221.100 tcp www

serverfarm HTTPFARM

persistent rebalance

slb-policy SPORTPOLICY

inservice

!

Actions

This Discussion