Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACE 4710 https sticky configuration

Hi,

I have a customer who load balances https across 3 servers. The vip load balances port 443 to real servers on port 443 also.

They prefer to terminate https on their own servers. There is a requirement for clients to stick to the same real server for the duration of the sesion. Is this possible when we are terminating 443 on the customers real servers?

thanks

Ian.

3 REPLIES
Cisco Employee

Re: ACE 4710 https sticky configuration

If you are not terminating ssl on the ace sticky options are limited, you can stick via ssl session id but this ge

nerally is unsatisfactory because IE reno

gatiates session id every 2 minute.

So you are limited to source ip sticky in this application such as:

sticky ip-netmask 255.255.255.255 address source GROUP1
  timeout 240
  replicate sticky

serverfarm test

then on lb policy use

policy-map type loadbalance first-match test4
  class class-default
sticky-serverfarm GROUP1

New Member

Re: ACE 4710 https sticky configuration

Hi,

Thanks for the clarification and sample config. I suppose that cookies inserted by the servers is not an option as we are not terminating ssl on the ace appliances.

Ian.

Re: ACE 4710 https sticky configuration

You could try using a redirect rserver

       redirect

http ----------->https

T

1040
Views
0
Helpful
3
Replies
CreatePlease to create content