CSS SSL Multiple Applications

Unanswered Question
Aug 5th, 2009

Is it possible to do the following on CSS with SSL module:

content ssl-rule

vip address 10.10.10.1

protocol tcp

port 443

add service ssl_module1

application ssl

advanced-balance ssl

active

content rule-1

vip 10.10.10.1

port 80

add service service1

add service service2

active

content rule-2

vip 10.10.10.1

port 8080

add service service1

add service service2

active

content rule-3

vip 10.10.10.1

port 8081

add service service1

add service service2

active

Basically the VIP is same but port numbers differ.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jason.espino Thu, 08/06/2009 - 16:18

The configuration you have outlined is fine. You can have multiple content rules with the same VIP address balance upon different inbound ports. However, what VIP/port within the proxy-list do you want the CSS to send the decrypted SSL traffic to?

10.10.10.1:80

10.10.10.1:8080

10.10.10.1:8081

What are you trying to accomplish?

Gilles Dufour Fri, 08/07/2009 - 01:26

That's exactly how you have to do it.

Use different rules with the same virtual ip but different port.

You can also have the same port ip, same port but different "url" command so depending on the url requested by the user you performance different type of loadbalancing or send a redirect ...

Gilles.

Actions

This Discussion