I tried to implement backend SSL over the weekend and was unsuccessful. I've read all the posts here on SSL back to January and I was sure I had a solid config. I saw lots of traffic hitting the SSL module but it would not pass to the backend content rule. I was getting no hits on the backend services. I've attached the config below. These are our production load balancers so I don't have a place to play with it. Does anyone spot anything glaringly wrong with this? I think it may be an ACL issue but I didn't think traffic generated internally from the CSS to the backend SSL was subject to ACLs. Either that or a source NAT issue, or lack thereof, as that's how we ensure traffic returns through the LB. There is an ACL on the front side that applies NAT via a source group. Thanks!
Thanks Gilles... that's the way it was looking to me but for some reason I was thinking since the processing for the backend ssl was internal to the lbs, it was not processed against the acls... I was just about to change the acls to test but my change window was up and I had to roll back... I'll let you know how it goes!