×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ACE 4710 - Internet Explorer cannot display the webpage

Unanswered Question
Jul 10th, 2014
User Badges:

Hi,

We have implemented HTTPS redirection and SSL termination in ACE for one server-farm. The webpage is not getting displayed in internet explorer and even the redirection is not taking place. Whereas, with Firefox and chrome browsers, the website displays properly. Please suggest a solution to this issue.

The ACE configuration is as below.

crypto chaingroup STAR_GRP_CHAINGRP
  cert star_exe_edu_sa.crt
  cert star_TrustedRoot.crt
  cert DigiCertCA.crt

probe tcp PROBE_8000
  port 8000
  interval 5
  passdetect interval 10
  open 10

rserver host PMCRAGRPWEB01_172.18.13.48
  description SBM PMCRAGRPWEB01_172.18.13.48
  ip address 172.18.13.48
  conn-limit max 4000000 min 4000000
  inservice

rserver host PMCRBGRPWEB01_172.18.13.49
  description SBM PMCRBGRPWEB01_172.18.13.49
  ip address 172.18.13.49
  conn-limit max 4000000 min 4000000
  inservice

rserver redirect REDIRECT-GRPTEST
  webhost-redirection https://%h%p 302
  inservice

serverfarm host SF_GRP_TEST_SERVER
  description GRP test sererfarm for irecruitment
  probe ICMP_PROBE
  probe PROBE_8000
  rserver PMCRAGRPWEB01_172.18.13.48 8000
    conn-limit max 4000000 min 4000000
    inservice
  rserver PMCRBGRPWEB01_172.18.13.49 8000
    conn-limit max 4000000 min 4000000
    inservice

serverfarm redirect SRV-REDIRECT-GRPTEST
  rserver REDIRECT-GRPTEST
    inservice

parameter-map type ssl Star_GRP_PARAMMAP

sticky ip-netmask 255.255.255.255 address source GRPTEST_sticky
  serverfarm SF_GRP_TEST_SERVER
  timeout 120
  replicate sticky
sticky ip-netmask 255.255.255.255 address source REDIRECT-GRPTEST-STICKY
  serverfarm SRV-REDIRECT-GRPTEST
  timeout 120
  replicate sticky

ssl-proxy service STARGRP_SERVER
  key star.exe.edu.sa.key
  cert star_exe_edu_sa.crt
  chaingroup STAR_GRP_CHAINGRP
  ssl advanced-options Star_GRP_PARAMMAP

class-map type http loadbalance match-any MATCH-WEBSITEURL-GRPTEST
  4 match http header Host header-value ".*grp.exe.edu.sa.*"

class-map match-any VIP_GRP_TEST_SERVER
  5 match virtual-address 172.18.13.58 tcp eq https
  6 match virtual-address 172.18.13.58 tcp eq 8000

class-map match-any class-REDIRECT-GRPTEST-HTTPS
  5 match virtual-address 172.18.13.58 tcp eq www

policy-map type loadbalance first-match VIP_GRP_TEST_SERVER-SLB
  class class-default
    sticky-serverfarm GRPTEST_sticky

policy-map type loadbalance first-match VIP_REDIRECT_GRPTEST-SLB-HTTPS
  class MATCH-WEBSITEURL-GRPTEST
    sticky-serverfarm REDIRECT-GRPTEST-STICKY

policy-map multi-match INT228-228
 class class-REDIRECT-GRPTEST-HTTPS
    loadbalance vip inservice
    loadbalance policy VIP_REDIRECT_GRPTEST-SLB-HTTPS
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 228
  class VIP_GRP_TEST_SERVER
    loadbalance vip inservice
    loadbalance policy VIP_GRP_TEST_SERVER-SLB
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 228
    ssl-proxy server STARGRP_SERVER

interface vlan 228
 service-policy input INT228-228

Regards,

Madhan kumar G

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Fnu Kanwaljeet Singh Thu, 07/10/2014 - 06:18
User Badges:
  • Cisco Employee,

Hi Madhan,

If it is working with Mozilla and Chrome, the configuration seems to be fine. Which version on IE are you facing issues with? Have you tried different versions of IE?

Can you take a quick client capture and see where the connection fails and why?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Actions

This Discussion