Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE: dropped conns due to header insert

My LB is dropping connections on port 443 when I have "insert-http source header-value "%is" configured. Other ports such as 80, or 8080 are working. The config is the same for all ports.

class-map match-any Service_VIP_Class

4 match virtual-address 1.1.1.1 tcp eq https

policy-map type loadbalance first-match Service_L7_Policy

class class-default

serverfarm Service_Serverfarm

insert-http source header-value "%is"

policy-map multi-match Service_LB_Policy

class Service_VIP_Class

loadbalance vip inservice

loadbalance policy Service_L7_Policy

loadbalance vip icmp-reply active

loadbalance vip advertise active

I see dropped conns on the service policy. When I remove the header insertion config, it connects ok.

Please help!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACE: dropped conns due to header insert

There is no way any device (including ACE) can open an https packet to insert anything.

Only exception:

You offload ssl using server keys and certs.Then make changes to the decrypted packet.

Syed

2 REPLIES

Re: ACE: dropped conns due to header insert

There is no way any device (including ACE) can open an https packet to insert anything.

Only exception:

You offload ssl using server keys and certs.Then make changes to the decrypted packet.

Syed

New Member

Re: ACE: dropped conns due to header insert

Oops, makes sense.

Thanks.

553
Views
0
Helpful
2
Replies