Gilles Dufour Tue, 11/11/2008 - 04:07

First you will need the certificate and key associated with mycompany.com in order to decrypt the request.

Then you can configure a redirect rserver in order to send the redirect.


You can't do this if you do not have the key and cert as this is exactly the purpose of SSL.


Gilles.

rajesh.perumalla Tue, 11/11/2008 - 13:59

Hi Gilles,


I have the certificate and the key.


Please check the config and confirm whether this looks fine or not.



I am using GSS to resolve www.mycompany.com and www1.mycompany.com


probe http Server1
  interval 15
  passdetect interval 60
  request method head url /keepAlive.html
  expect status 200 202
  open 10

parameter-map type ssl PARAMMAP_SSL_TERMINATION
  cipher RSA_WITH_3DES_EDE_CBC_SHA
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  cipher RSA_WITH_AES_256_CBC_SHA priority 3

rserver redirect HTTPS-REDIRECT
  conn-limit max 4000000 min 4000000
  webhost-redirection https://www1.mycompany.com.au 301
  inservice

serverfarm host SFARM_HTTPS
  rserver Server1_http 80
    inservice
serverfarm redirect https-redirect
  rserver HTTPS-REDIRECT
    inservice

ssl-proxy service SSL_PSERVICE
  key MYKEY.PEM
  cert ACE-SP2.CER
  ssl advanced-options PARAMMAP_SSL_TERMINATION

class-map type http loadbalance match-any HTTPS1
  2 match http header Host header-value "www[.]mycompany[.]com"
class-map type http loadbalance match-any HTTPS2
  2 match http header Host header-value "www1[.]mycompany[.]com"

policy-map type loadbalance first-match HTTPS
  class HTTPS1
    serverfarm https-redirect
  class HTTPS2
    serverfarm SFARM_HTTPS
  class class-default
    serverfarm SFARM_HTTPS

policy-map multi-match HTTPS-PM
  class HTTPS-RED
    loadbalance vip inservice
    loadbalance policy HTTPS
    loadbalance vip icmp-reply active
    ssl-proxy server SSL_PSERVICE


Also let me know if there is any other way to configure the redirection other than matching the host header.


Thanks in Advance

Syed Iftekhar Ahmed Tue, 11/11/2008 - 19:55

It looks good and should work.


Just one recommendation for your configured probe:


"Probe interval" should always be less than the (open+receive) timeout value. Default open & receive timeouts are 10 seconds.


Thanks

Syed Iftekhar Ahmed
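
A cross-reference check for configurations of this shape, as an added example that is not part of the thread and not Cisco tooling: it lists class, serverfarm and policy names that a policy-map references but no statement defines. The sample config is constructed, and the parser assumes running-config style indentation and only the statement forms seen in this thread.

```python
# Constructed sample in the style of the config discussed above (not the poster's file).
SAMPLE = """\
serverfarm host SFARM_HTTPS
  rserver Server1_http 80
    inservice
serverfarm redirect https-redirect
  rserver HTTPS-REDIRECT
    inservice
class-map type http loadbalance match-any HTTPS1
  2 match http header Host header-value "www[.]mycompany[.]com"
class-map type http loadbalance match-any HTTPS2
  2 match http header Host header-value "www1[.]mycompany[.]com"
policy-map type loadbalance first-match HTTPS
  class HTTPS1
    serverfarm https-redirect
  class HTTP2
    serverfarm SFARM_HTTPS
  class class-default
    serverfarm SFARM_HTTPS
policy-map multi-match HTTPS-PM
  class HTTPS-RED
    loadbalance policy HTTPS
"""

# Top-level keyword -> kind of object it defines (the name is the last word).
DEFINES = {"class-map": "class", "serverfarm": "serverfarm", "policy-map": "policy"}

def undefined_references(config):
    """Return sorted (kind, name) pairs used inside a policy-map but never defined."""
    defined = {"class": {"class-default"}, "serverfarm": set(), "policy": set()}
    used = []
    in_policy = False
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():                     # top-level statement
            in_policy = words[0] == "policy-map"
            if words[0] in DEFINES:
                defined[DEFINES[words[0]]].add(words[-1])
        elif in_policy and len(words) > 1:           # line nested in a policy-map
            if words[0] in ("class", "serverfarm"):
                used.append((words[0], words[1]))
            elif words[:2] == ["loadbalance", "policy"] and len(words) > 2:
                used.append(("policy", words[2]))
    # Compare only after the whole file is read, so definition order does not matter.
    return sorted({(k, n) for k, n in used if n not in defined[k]})

if __name__ == "__main__":
    for kind, name in undefined_references(SAMPLE):
        print(f"undefined {kind}: {name}")
```
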

