04-01-2008 12:27 AM
Hi everyone
We've just started investigating moving SSL offload to our CSS11501. I've got the configuration working with a single (HTTP) server as per the example configuration at:
I'm unsure as to how to load balance to multiple HTTP servers though. Anyone have a simple config which will make this clear?
Thanks
04-01-2008 08:29 AM
I'm glad the example I wrote was helpful to you.
To answer your question, what you need to do is send the decrypted traffic to another vip on the CSS.
So, you create a content rule for the cleartext traffic.
Assign a vip, a port, all the http servers.
Then in your ssl proxy-list, replace the destination server ip with the vip from your cleartext content rule.
Gilles.
04-01-2008 01:37 PM
Thanks Gilles.
We have it working very well now, with one slight workaround:
The SSL-HTTP proxying worked fine. We have only one content rule for client facing, and for to where the ssl-proxy-list redirects. When we added another L4 rule to redirect port 80 requests to port 443, we ended up with a loop.
To resolve this issue we changed the HTTP port on the webservers to 81, and used this port in the ssl-proxy-list.
I assume if we had two separate content rules (one for client facing, and one for the ssl-proxy-list to forward to), we would not have had this issue?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide