Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Application using SSL not working on the CSM

Hello,

I am trying to get an application working on CSM-S but so far without luck. What I am doing is the following:

1. On the CSM I create a vserver and serverfarm pointing to the SSL-PROXY:

serverfarm ITIMSSL

nat server

no nat client

real 10.10.10.253 local

inservice

vserver ITIMSSL

virtual 10.10.10.253 tcp https

serverfarm ITIMSSL

persistent rebalance

inservice

2. On the SSL Proxy I configured the following:

ssl-proxy service ITIM

virtual ipaddr 10.10.10.253 protocol tcp port 443 secondary

server ipaddr 10.10.10.254 protocol tcp port 9080

certificate rsa general-purpose trustpoint itim

inservice

My understanding is that with this config the traffic coming in on .253 port 443 should be sent to .254 port 9080.

3. On the CSM than I create vserver for real serverfarm:

natpool ITIM-PROD-NAT 10.10.10.254 10.10.10.254 netmask 255.255.255.0

probe ITIM http

request method get url /enrole

interval 15

retries 2

failed 30

open 2

port 9080

serverfarm ITIM-PROD

nat server

nat client ITIM-PROD-NAT

real name DDDEVA0059

inservice

real name DDDEVA0019

inservice

probe ITIM

vserver ITIM-PROD

virtual 10.10.10.254 tcp 9080

serverfarm ITIM-PROD

replicate csrp connection

persistent rebalance

inservice

With this config all real servers show as up. If I go directly to the vserver 10.10.10.254 it works but the SSL communication is not working. If I check my browser using HTTP watch it looks like I am being redirected to http://10.10.10.253:9080/enrole which obviously does not work. I expect that with this config the redirect should be http://10.10.10.254:9080/enrole which would work.

Thanks.

1 REPLY
New Member

Re: Application using SSL not working on the CSM

Ok. I figured it out. The url rewrite was missing in the config. Put it there and its working now.

310
Views
0
Helpful
1
Replies