SSL in transparent mode.

Unanswered Question
Jun 21st, 2009
User Badges:


i have done this migration for my client who didn't want to change anything on his existing network.

So we went ahead with L2 ACE,though it working now here are my issues:

1. I have 2 vlans for the servers, vlan 20 and 30, only 1 vlan seems to work at one time in the admin context , so i had to create 2 contexts for the 2 vlans, need to know the reason for this or am i missing something here ??

2. my SSL doesn't seem to work when doing basic SSL termination , as of now the way its working is i think its just forwarding the SSL request to the servers which are doing SSL termination.

if i change the "rserver" port to 80 or to 443 explicitly it doesn't work.

if i add the SSL-proxy server + i try to do SSL initiation to the SSL servers behind, it still doesn't work.

If my webservers are doing SSL termination i am required to do "end-to-end SSL termination" , correct ?

do i have to do a L7 policy ? this is one thing i haven't done..

throw me some light gentlemen !!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Mon, 06/22/2009 - 00:46
User Badges:
  • Cisco Employee,

1/ you are missing access-group on the server interfaces to allow traffic.

Not sure if that can explain the issue you had seen.

But you can have multiple bridge-group inside a single context.

2/ You need to have separate class-map for ssl and http.

The serverfarm must be configured with port 80 specifically for both SSL and HTTP

(unless you want to re-encrypt traffic on the backend).

Finally, doesn't work is pretty vague.

You need to capture the config, stats before and after a test and a sniffer trace.

With that info, you can define the 'does not work' and make changes where required.

BTW, nat-pool are being used only on the output interface.

You have defined them on the client vlan...I doubt this is what you want.

Usually, you configure them on the server vlan.

But in bridge mode, I don't see the need for nat-pool anyway.



This Discussion