if you speak about end-to-end SSL, you do mean that a client connects to the VIP in SSL, the ACE terminates the SSL connection, performs some load-balancing decisions, reencrypts the traffic and sends it, again encrypted, to the server.
For that to work, you need a key-cert pair to do the SSL termination ==> SSL -proxy server
For the SSL initiation (ACE to server traffic) you do not need a key-cert pair ==> SSL -proxy client
Take a look at following example on how this is configured:
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...