Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE service module SSL termination for soap over HTTPS

I have a virtual server configured to terminate SSL traffic and send to the real server in clear text. This works great when I test from my browser and access the web site on the server.

However when another group attempts to sent soap over HTTPS to the same virtual server the ACE drops the connection.

Just wondering if anyone has seen this before?

access-list PERMIT line 8 extended permit ip any any

serverfarm host SecureSite

probe PROBE_SERVICE_ICMP

rserver SecureSite 81

inservice

parameter-map type connection TCP_PARAM

syn-data drop

exceed-mss allow

class-map match-all SecureSite

2 match virtual-address 10.24.44.11 tcp eq https

policy-map type loadbalance first-match SecureSite-l7slb

class class-default

serverfarm SecureSite

policy-map multi-match POLICY

class SecureSite

loadbalance vip inservice

loadbalance policy SecureSite-l7slb

loadbalance vip icmp-reply active

nat dynamic 1 vlan 332

ssl-proxy server SecureSite

connection advanced-options TCP_PARAM

Service policy is applied at the interface.

5 REPLIES
New Member

Re: ACE service module SSL termination for soap over HTTPS

I suspect the server sends an HTTP redirect which will not be usable until you set up SSL URL rewrite. It is a very good practice to have this feature enabled for all SSL termination configs.

Peter

New Member

Re: ACE service module SSL termination for soap over HTTPS

I assume you just omitted to paste the 'ssl-proxy service SecureSite' section with the cert and the key.

New Member

Re: ACE service module SSL termination for soap over HTTPS

Yes, I actually forgot to include the ssl-proxy service in my post. It is there and is configured. Works just fine with regular website traffic. I even tried a different ssl-proxy service just to see if there was any change.

New Member

Re: ACE service module SSL termination for soap over HTTPS

"However when another group attempts to sent soap over HTTPS to the same virtual server the ACE drops the connection."

Where's this group connecting to the VIP from?

Is it from a client-side or server-side vlan?

New Member

Re: ACE service module SSL termination for soap over HTTPS

We ended up resolving this issue. It turned out to be something really simple. The client that was sending the soap traffic did not have the proper SSL certificate installed on the server that was generating the soap traffic.

291
Views
0
Helpful
5
Replies