CSS SSL L5 balancing

Nov 6th, 2007

Hello


I have four servers that I want to load balance based on a URL, both HTTP and HTTPS. Two are Tomcat and two are IIS and I would like to use something like /jsp/* and /aspx/*. I can get the HTTP L5 rules set up just fine but when I try and use port 443 with a layer 5 content rule I get nothing. The show flows command shows the external IP, the VIP but 0.0.0.0 for the NAT IP. Is it possible to do what I'm trying to do?


my config is


service iis1
  ip address 10.0.0.1
  active

service iis2
  ip address 10.0.0.2
  active

service tomcat1
  ip address 10.0.0.3
  active

service tomcat2
  ip address 10.0.0.4
  active

owner test
  content iis
    vip address 10.1.1.1
    url "/aspx/*"
    advanced-balance arrowpoint-cookie
    add service iis1
    add service iis2
    protocol tcp
    port 80
    active

  content iis_ssl
    vip address 10.1.1.1
    url "/aspx/*"
    advanced-balance ssl
    application ssl
    add service iis1
    add service iis2
    protocol tcp
    port 443
    active

Thanks in advance

Justin

Gilles Dufour (Cisco Employee) Wed, 11/07/2007 - 11:34

Justin,


The SSL traffic is encrypted by definition.

So the CSS, or any other device, can't see the content of the traffic, including the URL.

The only way is to use the SSL module in combination with the server key and certificate.


Gilles.
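
Why the port 443 content rule never matches, as an added example (not part of the original thread and not Cisco CSS code): a small Python model of URL-based rule selection over the first bytes a client sends. The function name, the host name and the sample bytes are constructed for illustration; the URL patterns and service names come from the question.

```python
import fnmatch

# Layer 5 rules taken from the question: URL pattern -> service group.
RULES = [("/aspx/*", ["iis1", "iis2"]), ("/jsp/*", ["tomcat1", "tomcat2"])]
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

# Constructed sample: what the device sees on port 80.
HTTP_SAMPLE = b"GET /aspx/login.aspx HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
# Constructed sample: start of a TLS handshake record as seen on port 443
# (type 0x16, version 3.1, length, ClientHello header, zeroed random bytes).
TLS_SAMPLE = bytes.fromhex("16030100c8010000c40303") + bytes(32)


def classify_first_bytes(data: bytes) -> dict:
    """Model what a URL-matching device can learn from the first client bytes."""
    # A TLS record starts with content type 0x16 (handshake) and major version 3.
    # The HTTP request line is only sent later, inside encrypted records, so
    # there is no URL for a content rule to compare against.
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        return {"kind": "tls", "url": None, "services": None}

    # Plaintext HTTP: the request line "METHOD URL VERSION" is readable.
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS:
        url = parts[1].decode("ascii", "replace")
        for pattern, services in RULES:
            if fnmatch.fnmatchcase(url, pattern):
                return {"kind": "http", "url": url, "services": services}
        return {"kind": "http", "url": url, "services": None}

    return {"kind": "unknown", "url": None, "services": None}


if __name__ == "__main__":
    # Port 80: the URL is visible and the rule selects the IIS services.
    print(classify_first_bytes(HTTP_SAMPLE))
    # Port 443 without termination: no URL, so no Layer 5 rule can match.
    print(classify_first_bytes(TLS_SAMPLE))
    # Once a terminating device (the SSL module, holding the server key and
    # certificate) has decrypted the stream, it sees bytes like HTTP_SAMPLE
    # again and URL matching works as on port 80.
```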

justinjmiller Wed, 11/07/2007 - 11:42

Thanks for the response Gilles. I've been working on doing that and I think I have it working but the problem now is that we have some apps that look to make sure the conversation is secure and redirect if not. With the SSL module, it doesn't look like the servers will ever see whether or not the user is connecting via HTTPS. Is there any way around that?
