SSL Termination

Unanswered Question
May 21st, 2008

I am wondering if one can terminate an SSL tunnel on an ASA in order to install the certificate for a web farm located inside the network? We have two servers on the inside with one designated as failover, and in the instance that I need to fail over to the secondary machine I would just rather change the NAT statement so the customer does not see a difference when they make the request. This of course would require that the SSL tunnel be terminated at the ASA so that the certificate will still be valid.

I know that one can set this kind of scenario up on a Microsoft ISA server but I do not really want to put something like that in place here.




Ever thought of using a Content Switch w/SSL? You can terminate to a VIP that is the SSL termination point and then go back to your two servers. Similar in function to having two (or more) web servers with the SSL termination done on the front side (not on the servers themselves).

Do a search for 11500's here and look at SSL configurations.

