ACE XML SSL termination

Martin Kyrc · ‎08-19-2009

hello,

I have a problem found any guide, which describes SSL termination on ACE Web Application Firewall.

I have terminated outside connection on ACE, then load-balance two WAF. I need terminate SSL after ACE, on WAF.

Can anybody redirect me to any 'howto'? Cisco doc is not clear for me.

martin

sachinga.hcl · ‎08-20-2009

Hi MArtin,

Kindly find some links , might be they useful for you:

1. Configure ACE with SSL Termination and URL Rewrite

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3045.shtml

2. SSL Termination on the Cisco Application Control Engine Without an Existing Chained Certificate and Key in Routed Mode Configuration Example

http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Without_an_Existing_Chained_Certificate_and_Key_in_Routed_Mode_Configuration_Example

3. Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting SSL

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_SSL

Sachin garg

Martin Kyrc · ‎08-20-2009

Hello Sachin,

all this links shows SSL termination on ACE module/appliance. I have no problem with this. I will terminate SSL on 'ACE Web Application Firewall (WAF)' (ACE XML Gateway). I found some design guides and there was described three designs:

1. SSL terminated on ACE module, over WAF clear HTTP

2. SSL through ACE module, SSL terminated on WAF, after WAF clear HTTP

3. SSL over ACE, SSL terminated on WAF and next SSL to server

I need configure design 2.

Reason: I have two context placed on different network location (for example two DMZs) for incomming HTTPS traffic. From both contexts is connection directed to same WAF. It's clear for me terminate SSL on one place (WAF), as on two places (two contexts).

martin