Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACE ssl issue

Hello

I'm trying to establish a SSL connection via the redundant pair of ACE modules. I try to configure everything according to the config guide, but when I'm trying to connect to the VIP ip address the ACE is sending RST packet to my PC. The same s-farm is accessible via HTTP.

Could you please let me know what is wrong ?

I'm attaching the LAB configuration from the tested context.

Could you also explain to me how should I understand the "CA Cert:" in show crypto certificate all output.

Thank you in advance

Regards

Lukas

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: ACE ssl issue

Hi Lukas,

In your serverfarm definition you need to add the port 80 after the rserver: So:

serverfarm host S2

rserver PC4 80

inservice

By default the ACE will send the packets to the rserver with the same destination port as it received it on. So your sending packets to 443 that are in plain text rather than SSL. By setting the port explicitly you override the default behaviour.

There is an example config at http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Certificate_and_Key_in_Routed_Mode_Configuration_Example

HTH

Cathy

2 REPLIES
Silver

Re: ACE ssl issue

Hi Lukas,

In your serverfarm definition you need to add the port 80 after the rserver: So:

serverfarm host S2

rserver PC4 80

inservice

By default the ACE will send the packets to the rserver with the same destination port as it received it on. So your sending packets to 443 that are in plain text rather than SSL. By setting the port explicitly you override the default behaviour.

There is an example config at http://docwiki.cisco.com/wiki/SSL_Termination_on_the_Cisco_Application_Control_Engine_Using_an_Existing_Certificate_and_Key_in_Routed_Mode_Configuration_Example

HTH

Cathy

Community Member

Re: ACE ssl issue

Hello

Thank you. It helps :)

Regards

Lukas

160
Views
3
Helpful
2
Replies
CreatePlease to create content