Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE 4710 & SSL Offloading

I testing the 4710 for load balancing between 2 web servers. I have the http portion working just fine but would like to get some input on the SSL portion.

We have a section of our site that requires user login and the whole session is https from when they login and when they are browsing through our site.

My questions are within the design aspects. Would this best be designed using SSL offloading and then using clear text from the ACE to the web servers? Also, what would the differences be with configuring ssl offloading with stickiness if configured with http server load balancing on the same server farm versus creating a new server farm just for https? Would end-to-end ssl be best in this scenario?

Description of the web application usage:

Users log in and their whole session is https. Users will be filling out forms, inputting data, registering for events and uploading some files.

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Silver

ACE 4710 & SSL Offloading

Use cleartext in back end (the most simple way to do it), cookie based persistance and don't forget to enable SSL rewrite / SSL redirect

3 REPLIES
Silver

ACE 4710 & SSL Offloading

Use cleartext in back end (the most simple way to do it), cookie based persistance and don't forget to enable SSL rewrite / SSL redirect

New Member

ACE 4710 & SSL Offloading

Okay so that makes sense to me now. When the client requests an HTTPS page and the ACE terminates the connection, the ACE uses SSL rewrite/redirect to send the request back to the client so that the client still maintains the SSL connection. Otherwise it will request an HTTP page instead of the HTTPS page.

Am I correct?

Silver

ACE 4710 & SSL Offloading

yes

1300
Views
0
Helpful
3
Replies
CreatePlease to create content