04-28-2009 02:49 AM
Hello
I'm trying to establish an SSL connection via the redundant pair of ACE modules. I tried to configure everything according to the config guide, but when I try to connect to the VIP IP address, the ACE sends an RST packet to my PC. The same s-farm is accessible via HTTP.
Could you please let me know what is wrong?
I'm attaching the LAB configuration from the tested context.
Could you also explain to me how I should understand the "CA Cert:" in the show crypto certificate all output?
Thank you in advance
Regards
Lukas
04-28-2009 07:41 AM
Hi Lukas,
In your serverfarm definition you need to add the port 80 after the rserver. So:
serverfarm host S2
  rserver PC4 80
    inservice
By default the ACE will send the packets to the rserver with the same destination port as it received them on. So you're sending packets to 443 that are in plain text rather than SSL. By setting the port explicitly you override the default behaviour.
There is an example config at http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Certificate_and_Key_in_Routed_Mode_Configuration_Example
HTH
Cathy
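The check described in the answer above, as an added example that is not part of the original posts or of any Cisco tooling: a small Python linter that walks an ACE-style configuration and reports rservers with no explicit port in serverfarms reached through a class that has `ssl-proxy server` applied. The sample configuration, its policy and class names, and the function name `portless_rservers` are constructed for illustration; it assumes an indented running-config layout.

```python
# Constructed sample in Cisco ACE running-config style; all names are made up.
SAMPLE = """\
serverfarm host S2
  rserver PC4
serverfarm host S3
  rserver PC5 80
policy-map type loadbalance first-match LB_S2
  class class-default
    serverfarm S2
policy-map type loadbalance first-match LB_S3
  class class-default
    serverfarm S3
policy-map multi-match CLIENT_VIPS
  class VIP_HTTPS_A
    loadbalance policy LB_S2
    ssl-proxy server SSL_TERM
  class VIP_HTTPS_B
    loadbalance policy LB_S3
    ssl-proxy server SSL_TERM
"""

def portless_rservers(config):
    """Return (serverfarm, rserver) pairs behind an ssl-proxy class that lack an explicit port."""
    farms, lb, classes = {}, {}, []  # farm -> [(rserver, port)]; LB policy -> [farm]; VIP classes
    section = name = None
    for raw in filter(str.strip, config.splitlines()):  # skip blank lines
        w = raw.split()
        if not raw[0].isspace():  # an unindented line opens a new section
            section = name = None
            if w[0] == "serverfarm":
                section, name = "farm", w[-1]
                farms[name] = []
            elif w[:3] == ["policy-map", "type", "loadbalance"]:
                section, name = "lb", w[-1]
                lb[name] = []
            elif w[:2] == ["policy-map", "multi-match"]:
                section = "mm"
        elif section == "farm" and w[0] == "rserver":
            farms[name].append((w[1], w[2] if len(w) > 2 else None))
        elif section == "lb" and w[0] == "serverfarm":
            lb[name].append(w[1])
        elif section == "mm" and w[0] == "class":
            classes.append({"lb": None, "ssl": False})
        elif section == "mm" and classes and w[:2] == ["loadbalance", "policy"]:
            classes[-1]["lb"] = w[2]
        elif section == "mm" and classes and w[:2] == ["ssl-proxy", "server"]:
            classes[-1]["ssl"] = True
    return sorted({(f, rs) for c in classes if c["ssl"] for f in lb.get(c["lb"], [])
                   for rs, port in farms.get(f, []) if port is None})
```

Calling `portless_rservers(SAMPLE)` flags only PC4 in S2, the entry that would receive decrypted traffic on the VIP's own port; a hit is a prompt to review, since a backend that really does expect SSL on that port needs a different configuration.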
05-07-2009 04:50 AM
Hello
Thank you. It helps :)
Regards
Lukas