Community Member

ACE Bridge mode with SSL Help

Hi,

I am trying to set up an ACE 4710 in bridge mode. It has an SSL module to terminate https connections, then passes them off to the real servers as http.

The connection comes in, hits the VIP, but then I get no response.

Can someone check out my config and give me any pointers?

Accepted Solutions
Cisco Employee

Re: ACE Bridge mode with SSL Help

James,

You did not specify the port 80 for Server2.

So ACE will send the decoded traffic to port 443.

serverfarm host Groupwise_Farm
  rserver Server1 80
  rserver Server2

Configure Server2 like Server1.

Gilles.

6 REPLIES

Re: ACE Bridge mode with SSL Help

What is the status of your real servers? Are they UP?

Since you are using HTTP probes, you need to define expect status under probes.

If you do not configure an expected status code (expect status 200 200), any response from the server is marked as failed.

Syed

Community Member

Re: ACE Bridge mode with SSL Help

Hi Syed,

Thanks for your response.

We are testing only on Server2 at the moment, and the status is success and showing operational in the server farm. We had problems with the http probe, so at the moment we are using only icmp for a test.

I shall add the expect status to the http probe and see if that

James

Community Member

Re: ACE Bridge mode with SSL Help

Thanks Gilles, I will give it a try.

I have also resolved the http probe by adding expect status as Syed suggested, thanks!

One thing is also confusing me: should I be able to ping the VIP address from the server side, in my case VLAN 101? I can ping it from the client side and I cannot ping the BVI either.

James

Cisco Employee

Re: ACE Bridge mode with SSL Help

James,

You can only ping it from the interface where you have defined the service policy.

service-policy input L4_SSL-VIP_Policy

To ping an interface ip address, you need to configure a management policy that allows icmp.

Gilles.

Community Member

Re: ACE Bridge mode with SSL Help

Gilles,

Thanks again, you have been a great help.

It is now working!!

Just need to set up stickies now...
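
The two configuration fixes from this thread (an explicit port on every rserver in the SSL-offload serverfarm, and expect status on HTTP probes) written as a small config check. This is an added example, not part of the original thread; the sample config, the probe names and the `lint_ace` function are constructed for illustration, and a portless rserver is only a problem when the back-end port differs from the VIP port, as it does with SSL termination here.

```python
import re

# Constructed sample config (not the poster's actual config; names are assumptions).
SAMPLE = """\
probe http HTTP_PROBE
  interval 15
probe icmp PING
  interval 10
serverfarm host Groupwise_Farm
  probe HTTP_PROBE
  rserver Server1 80
    inservice
  rserver Server2
    inservice
"""

def lint_ace(config):
    """Return (finding, block_name, detail) tuples for the two issues in the thread."""
    findings = []
    block = None       # (kind, name) of the current top-level block, if tracked
    http_probes = {}   # HTTP probe name -> True once "expect status" is seen
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():   # an unindented line opens a new top-level block
            m = re.match(r"(probe http|serverfarm host)\s+(\S+)", line)
            block = (m.group(1), m.group(2)) if m else None
            if block and block[0] == "probe http":
                http_probes[block[1]] = False
            continue
        if block is None:
            continue
        kind, name = block
        if kind == "probe http" and line.startswith("expect status "):
            http_probes[name] = True
        elif kind == "serverfarm host":
            # "rserver NAME" with no port: ACE keeps the client's destination port
            m = re.match(r"rserver\s+(\S+)(?:\s+(\d+))?$", line)
            if m and m.group(2) is None:
                findings.append(("rserver-no-port", name, m.group(1)))
    findings += [("probe-no-expect-status", p, None)
                 for p, ok in http_probes.items() if not ok]
    return findings

if __name__ == "__main__":
    for finding in lint_ace(SAMPLE):
        print(finding)
```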
