Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco ACE 4710 Appliance Integration with MS Exchange 2k7

We are in process of deploying MS Exchange 2k7. I would like to configure the ACE 4710 to load balance the client access servers. These servers will use port 80 and 443. What is the best practice?

1. Should the ACE pass 443 traffic through?

2. Should the ACE do an end to end SSL termination?

Also, the server will automatically redirect any port 80 traffic to 443. How will the ACE behave with that type of traffic? Do I have to implement any URL rewrite or port redirection on the ACE?

Cisco Employee

Re: Cisco ACE 4710 Appliance Integration with MS Exchange 2k7

You should probably configure the redirect on ACE.

This will spare the server and make sure the redirect is to the expected name/vip and not the server name/ip.

Do you need stickyness ?

Or do you need to insert any data in the http header (like client source ip) ?

Do you need different loadbalancing depending on the server directory ?

If you don't need those things, you do not need to terminate ssl on ACE.


Community Member

Re: Cisco ACE 4710 Appliance Integration with MS Exchange 2k7

Thank you very much for the reply, I was thinking about configuring ip source sticky, create a SSL URL rewrite and probably create a layer 7 load balance policy. My biggest concern is how the ACE will handle to 443 traffic, and how my VIP and real server will be configured. I will not specify any port on my VIP but I do have to specify port 443 and 80 in my server farm. Please correct me if I am wrong. Below is the sample of my config.

action-list type modify http urlrewrite

ssl url rewrite location "www\.ExchangeWebmail\.com"

rserver host EXCHANGE1

ip address


rserver host EXCHANG2

ip address

serverfarm host SF-MSEXCHANGE

rserver EXCHANGE1 80


rserver EXCHANGE2 80


rserver EXCHANGE1 443


rserver EXCHANGE2 443


sticky ip-netmask address source STICKY_ MSEXCHANGE

timeout 59

serverfarm SF-MSEXCHANGE

class-map type http loadbalance match-any SF-MSEXCHANGE_L7

2 match http url /ExchangeWebmail.*

class-map match-all VIP_ SF-MSEXCHANGE

2 match virtual-address any

parameter-map type http NO_CASE


no persistence-rebalance

policy-map type loadbalance first-match PM_ MSEXCHANGE_L7


sticky-serverfarm SFAUAT_L7_TEST_COOKIE

policy-map multi-match PM_multi_match


loadbalance vip inservice

loadbalance policy PM_SFA_UAT_L7_TEST

loadbalance vip icmp-reply active

appl-parameter http advanced-options NO_CASE

Cisco Employee

Re: Cisco ACE 4710 Appliance Integration with MS Exchange 2k7

You have to split the serverfarm in 2.

One for HTTP traffic and one for HTTPS traffic.

You should configure the redirect from http to https on ace itself with a redirect host.

No need to loadbalance http traffic it it needs to be redirected.

So save time/resource on ace and servers and configure the redirect on ACE.

Your ssl rewrite can only be done if you terminate SSL on ACE.

You don't need it.

Get 2 vips.

One for HTTP traffic and associate it with the redirect host.

One for https and associated with your serverfarm

You can't use class SF-MSEXCHANGE_L7 with HTTPS traffic since the traffic is encrypted.

So simply use the class class-default.

You can see the redirect config @


Re: Cisco ACE 4710 Appliance Integration with MS Exchange 2k7

Hi Allen,

Just go throught this big link and you will find your complete solution for exchange 2007 with ace and so much more. Hope it will help you.

few more ACE related help links

1.ACE Client and Servers Hitting the Same VIP

2. Configure ACE in Routed Mode with L7 Policies

3. Configure ACE Module for End to End SSL Termination

4. Configure ACE with Source NAT and Client IP Header Insert

5. Configure ACE with SSL Termination and URL Rewrite

6. Integrate Cisco Service Modules with Cisco Catalyst 6500 Virtual Switching System 1440

7. Product support page for ace module 47xx

8. Cisco ACE 4700 Series Appliance Device Manager GUI Configuration Guide

9. Cisco ACE appliance product home page

10. Cisco ace config ssample :

1. FTP serverfarm on Cisco ACE

11. CISCO ACE with SAP

12. CISCO ACE white papaers with tons of code and design examples

Please rate if you find it any useful for you.

Kind regards

sachin garg

Please rate if it will help u any.

CreatePlease to create content