Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1296
Views
0
Helpful
3
Replies

ACE 4710 https sticky configuration

iwearing
Level 1
Level 1

‎08-30-2010 07:49 AM

Hi,

I have a customer who load balances https across 3 servers. The vip load balances port 443 to real servers on port 443 also.

They prefer to terminate https on their own servers. There is a requirement for clients to stick to the same real server for the duration of the sesion. Is this possible when we are terminating 443 on the customers real servers?

thanks

Ian.

Labels:
0 Helpful
3 Replies 3

litrenta
Level 3
Level 3

‎08-30-2010 08:08 AM

If you are not terminating ssl on the ace sticky options are limited, you can stick via ssl session id but this ge

nerally is unsatisfactory because IE reno

gatiates session id every 2 minute.

So you are limited to source ip sticky in this application such as:

sticky ip-netmask 255.255.255.255 address source GROUP1
  timeout 240
  replicate sticky

serverfarm test

then on lb policy use

policy-map type loadbalance first-match test4
  class class-default
sticky-serverfarm GROUP1

0 Helpful

iwearing
Level 1
Level 1
In response to litrenta

‎08-30-2010 08:31 AM

Hi,

Thanks for the clarification and sample config. I suppose that cookies inserted by the servers is not an option as we are not terminating ssl on the ace appliances.

Ian.

0 Helpful

Tyrone Van Der Haar
Level 1
Level 1
In response to iwearing

‎11-22-2010 01:14 PM

You could try using a redirect rserver

       redirect

http ----------->https

T

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents