cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
679
Views
0
Helpful
5
Replies

Is it possible to redirect https traffic to http in CSM?

hussainmo
Level 1
Level 1

Hello,

I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?

In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.

BTW I have already tried it on the CSM and it is not working. Everytime I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.

Thanks for any help offered.

Murtaza

5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

Murtaza,

you can only do that if you can decrypt the traffic and re-encrypt.

This is the purpose of SSL.

So, you need a CSM-S or a SSL Module or the ACE module.

Gilles.

Hello Gilles,

We do have a CSM-S but if I have understood you correctly we need to terminate SSL connection on the SSL-DC and create an HTTP one from CSM to the backend system.

This is more like SSL termination than redirect correct?

Thanks,

-Murtaza

you have to send the decrypted request back to the CSM which create a redirect, send it to the SSLM which re-encrypt and forward to the client.

Gilles.

Would you have a config example on how to do this on the CSM-S?

Thanks,

Murtaza

I don't have a config in hands for this.

I have done it before and know this is feasible.

The redirect is here :

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml

Just change the vip to be only accessible by the SSLM.

Create the appropriate redirect vserver.

On the SSLM, send the decrypted traffic to the vip address and port.

Just as if the Vip was a server.

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: