×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

port change from 443 to 9000

Unanswered Question
Jul 31st, 2013
User Badges:

Hi,


I have a server which listens on port 9000. Clients connects to ACE on port 443 as ssl connection.


How to configure ACE to send the request it receives on port 443 to port 9000 on server?

I have ssl offloading configured on ACE.

Users access https://extranet.abc.com/sonarringo and hits the ACE. ACE redirects client to https://extranet.abc.com/sonarringo which again hits ACE.


ACE sends the request to server on port 9000.But this is not working somehow.


When I see connection on ACE, i see return connection from server to ACE on port 443 and in INIT state whereas it should come on port 9000.

SSL offloading is working fine as other links on same website are working fine.


Below is the config..can anyone suggest?


probe tcp adc_ringodashboard

  port 9000

  interval 5

  passdetect interval 5

  connection term forced


rserver redirect adc_sonarringo-redir

  webhost-redirection

  https://extranet.abc.com/sonarringo/

  inservice

             

rserver host adc_sonarringo

  ip address 10.140.223.223

  inservice


serverfarm host adc_sonarringo-fwd

  probe adc_ringodashboard

  rserver adc_sonarringo 9000

    inservice


class-map type http loadbalance match-any adc_sonarringo-redir

  2 match http url /sonarringo


class-map type http loadbalance match-any adc_sonarringo-fwd

  2 match http url /sonarringo/*

  3 match http url /sonarringo/.*


policy-map type loadbalance first-match ssl-extranet

class adc_sonarringo-redir

    serverfarm adc_sonarringo-redir

  class adc_sonarringo-fwd

    serverfarm adc_sonarringo-fwd


policy-map multi-match external-lb

    class ssl-extranet

    loadbalance vip inservice

    loadbalance policy ssl-extranet

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 368

    appl-parameter http advanced-options case_param

    ssl-proxy server extranet


parameter-map type http case_param   This parameter is applied in multimatch policy.

  case-insensitive

  no persistence-rebalance

  set header-maxparse-length 65535

  set content-maxparse-length 65535

  length-exceed continue

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
nishchay nadkarni Wed, 07/31/2013 - 21:07
User Badges:

Hi Jorge,


Users connect to server with https://extranet.nl.capgemini.com/sonarringo which hits the ace and ace redirects clinet to https://extranet.nl.capgemini.com/sonarringo/ which eventually again hit the ACE and this time ACE matches another layer 7 class (adc_sonarringo-fwd) and passes the traffic to server. Server should reply back to client with webpage.

This config is converted from existing CSS configuration which was working fine with CSS and similar config works for other applications.


If I create a action list which converts http request header from extranet.nl.capgemini.com to extranet.nl.capgemini.com:9000, i can see connection established onn ACE and i see similar URL in client browser which i get wen directed connecting to site (header value changed) but still i cant see webpage properly.

nishchay nadkarni Wed, 07/31/2013 - 21:44
User Badges:

Hi,


What I need to know what is the way to convert such SSL request to ports other than 80 as 9000 in my case without opening such ports on firewalll from outside world to my network?


I think Its something related to class map and reg ex.....

Actions

This Discussion