Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACE30 Stickiness Options

Hi,

We currently have a VIP that resides on an ACE30, listening on Port 443. Clients are connecting to the VIP through a https browser session, with the VIP simply forwarding the request on the rservers on the same port. From a stickiness perspective, we currently have it configured based on the SSL Session-ID, which I'm not entirely convinced is working fully as we expect it to.

Based on the above configuration with the ACE not having any visibility of the incoming 443 connectivity do we have any stickiness options outside of using SSL Session-ID.  Unfortunately, all the clients connecting to us are coming through a Single NAT address, so we're not able to base it configured on Source IP either.

I don't have experience with any other stickiness configurations, so just wanted to reach out to see what experiences others have had.

TIA

Dan

Everyone's tags (2)
1 REPLY

ACE30 Stickiness Options

Hi Daniel,

You could refer to the following link

http://www.cisco.com/c/en/us/support/docs/interfaces-modules/ace-application-control-engine-module/107401-ace-end2end.html

It gives the example configuration for achieving  both SSL end to end solution and stickyness using cookie insert

Here ACE does decryption for the 443 traffic using loaded key and certificate. Then, the traffic will be encrypted again and sent to the rservers in cipher text  and persistence rebalance is also required to look for the layer 7 information in each and every request and then load balance


645
Views
0
Helpful
1
Replies
CreatePlease login to create content