ACE: SSL termination, Probe and Redirect problem

Unanswered Question
Mar 17th, 2008
User Badges:

Hello,

I have problem with three things: -1) SSL offload, -2) probe, and -3) server redirect.

1) I made SSL offload like shows attached file with "show run". But during going to the VIP address by the browser: https://192.168.254.143 I get window with Java error: java.lang.NullPointerException - I have to click OK on this window and then can work fine. Without SSL offload I don't have this error message in window.


When I have SSL offload I have following configuration:


ssl-proxy service SSL

key klucz.pem

cert certyfikat.pem


serverfarm host SFARM

rserver S1 8080

rserver S2 8080


policy-map multi-match SLB-POLICY

class SLB

ssl-proxy server SSL



Without SSL offloading I have only this:


serverfarm host SFARM

rserver S1 (without 8080!)

rserver S2



2) Right now I have two real servers and I send traffic to them by port TCP 8080. So I made probe to check TCP 8080 port availability.:


probe tcp TCP_8080

port 8080

interval 15

passdetect interval 60


serverfarm host SFARM

rserver S1 8080

probe TCP_8080

inservice

rserver S2 8080

probe TCP_8080

inservice


I want also check port TCP 6400 availability, and I only one from port 8080 or 6400 don't work - make real server unavailable. So must work TCP port 8080 ang 6400 togethet to treat real server as operational.


So I want to make something like this:


probe tcp TEST

port 8080 and 6400 !?! - ofcourse It is impossible but I want to make config with this functionality.


How to do this?




3) I hant to make that when I write in browser https://bo.kw.coig.biz/ = https://192.168.254.143 I want to be redirected to one of real server on address: https://bo.kw.coig.biz/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do




I made something like this:


rserver redirect S3

webhost-redirection https://%h/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do 302

inservice



serverfarm redirect REDIRECT

rserver S3

inservice


policy-map type loadbalance first-match POLICY-TYPE

class class-default

serverfarm REDIRECT

But this configuration dosn't work. I have in browser window with error messeging.

How to do this?







  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Tue, 03/18/2008 - 06:34
User Badges:
  • Cisco Employee,

1/ this is a java problem.

Java is telling you that it attempted to use a null pointer. You need to check with the people who created the java program


2/ you can configure multiple tcp probe, one for each port you need to monitor and assign all the probes to the serverfarm.

BTW, you can assign the problem to the entire serverfarm so you don't need to specify it for each rserver.


3/ the problem with your redirect is that you applied to class-default.

So even a request to ...../logon will be redirected to ...../logon.

Therefore you just created a nice loop.

You need to create a class-map to only match the url "/" so the redirect is only applied then.


Gilles.

siwiarek Thu, 04/10/2008 - 04:29
User Badges:

Thank you,


Regarding server redirect:

could you write me example of configuration this specific class-map? And when use this class-map in which policy-map?


Regarding java error - this aplication is Business Objects an SAP so I think that there is not big probability that this is java error.


Actions

This Discussion