Solved: ACE ssl issue

lukaszkhalil · ‎04-28-2009

Hello

I'm trying to establish a SSL connection via the redundant pair of ACE modules. I try to configure everything according to the config guide, but when I'm trying to connect to the VIP ip address the ACE is sending RST packet to my PC. The same s-farm is accessible via HTTP.

Could you please let me know what is wrong ?

I'm attaching the LAB configuration from the tested context.

Could you also explain to me how should I understand the "CA Cert:" in show crypto certificate all output.

Thank you in advance

Regards

Lukas

ciscocsoc · ‎04-28-2009

Hi Lukas,

In your serverfarm definition you need to add the port 80 after the rserver: So:

serverfarm host S2

rserver PC4 80

inservice

By default the ACE will send the packets to the rserver with the same destination port as it received it on. So your sending packets to 443 that are in plain text rather than SSL. By setting the port explicitly you override the default behaviour.

There is an example config at http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Certificate_and_Key_in_Routed_Mode_Configuration_Example

HTH

Cathy

View solution in original post

ciscocsoc · ‎04-28-2009