Is it possible to redirect https traffic to http in CSM?

Unanswered Question
Feb 4th, 2009
User Badges:

Hello,


I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?


In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.


BTW I have already tried it on the CSM and it is not working. Everytime I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.


Thanks for any help offered.

Murtaza

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Wed, 02/04/2009 - 05:24
User Badges:
  • Cisco Employee,

Murtaza,


you can only do that if you can decrypt the traffic and re-encrypt.

This is the purpose of SSL.


So, you need a CSM-S or a SSL Module or the ACE module.


Gilles.

hussainmo Wed, 02/04/2009 - 06:01
User Badges:

Hello Gilles,


We do have a CSM-S but if I have understood you correctly we need to terminate SSL connection on the SSL-DC and create an HTTP one from CSM to the backend system.


This is more like SSL termination than redirect correct?


Thanks,

-Murtaza

Gilles Dufour Wed, 02/04/2009 - 07:30
User Badges:
  • Cisco Employee,

you have to send the decrypted request back to the CSM which create a redirect, send it to the SSLM which re-encrypt and forward to the client.


Gilles.

hussainmo Thu, 02/05/2009 - 06:44
User Badges:

Would you have a config example on how to do this on the CSM-S?


Thanks,

Murtaza

Gilles Dufour Fri, 02/06/2009 - 02:51
User Badges:
  • Cisco Employee,


I don't have a config in hands for this.

I have done it before and know this is feasible.


The redirect is here :

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml


Just change the vip to be only accessible by the SSLM.

Create the appropriate redirect vserver.


On the SSLM, send the decrypted traffic to the vip address and port.

Just as if the Vip was a server.


Gilles.

Actions

This Discussion