Gilles Dufour Tue, 11/11/2008 - 04:07
User Badges:
  • Cisco Employee,

First you will need to certificate and key associated with in order to decrypt the request.

Then you can configure a redirect rserver in order to send the redirect.

You can't do this if you do not have the key and cert as this is exactly the purpose of SSL.


rajesh.perumalla Tue, 11/11/2008 - 13:59
User Badges:

Hi Gilles,

I am having the certificate and the key.

Please check the config and confirm whether this looks fine or not.

I am using GSS to resolve and

probe http Server1

interval 15

passdetect interval 60

request method head url /keepAlive.html

expect status 200 202

open 10

parameter-map type ssl PARAMMAP_SSL_TERMINATION


cipher RSA_WITH_AES_128_CBC_SHA priority 2

cipher RSA_WITH_AES_256_CBC_SHA priority 3

rserver redirect HTTPS-REDIRECT

conn-limit max 4000000 min 4000000

webhost-redirection 301


serverfarm host SFARM_HTTPS

rserver Server1_http 80


serverfarm redirect https-redirect



ssl-proxy service SSL_PSERVICE


cert ACE-SP2.CER

ssl advanced-options PARAMMAP_SSL_TERMINATION

class-map type http loadbalance match-any HTTPS1

2 match http header Host header-value "www[.]mycompany[.]com"

class-map type http loadbalance match-any HTTPS2

2 match http header Host header-value "www1[.]mycompany[.]com"

policy-map type loadbalance first-match HTTPS

class HTTPS1

serverfarm https-redirect

class HTTP2

serverfarm SFARM_HTTPS

class class-default

serverfarm SFARM_HTTPS

policy-map multi-match HTTPS-PM


loadbalance vip inservice

loadbalance policy HTTPS

loadbalance vip icmp-reply active

ssl-proxy server SSL_PSERVICE

Also let me know know if there is any another way to configure the redirection other than matching host header.

Thanks in Advance

Syed Iftekhar Ahmed Tue, 11/11/2008 - 19:55
User Badges:
  • Blue, 1500 points or more

It looks good and should work.

Just one recommendation for your configured probe

"Probe interval" should always be less then (open+recieve) timeout value. Default open & receive timeouts are 10 seconds.


Syed Iftekhar Ahmed


This Discussion