Clients with MULTI-PROXY and session persistency with ACE

wim.juste
Level 1

Dear all,

Our E-commerce web application (HTTPS) is being load-balanced by ACE20, and it is important to keep track of the user sessions in the context of user authentication by enabling session persistency (stickiness).

Some of our customers are behind a multi-proxy ISP; hence, if they should change proxy during the same application session, that would take a re-authentication on our application.

So, we need stickiness, but not based on source IP (because of the multi-proxy clients).

Would there be any other option to tackle this issue?

Thank you !

Kind regards,

Wim

Accepted Solution

Daniel Arrondo Ostiz
Cisco Employee

Hi Wim,

For this kind of setup, the best approach is using HTTP cookie stickiness, either inserted by the application servers or directly by the ACE.

The only drawback of this method is that, since you are using HTTPS, you will need to configure your ACE to do SSL termination. Without it, it won't be able to look into the HTTP data and read/insert cookies.

The link below contains a configuration example including SSL termination and cookie stickiness. You may find it useful.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml

Regards

Daniel


Daniel,

Thanks for your quick response.

Seems like a fair solution, but I was wondering what the options would be if we're not allowed to do SSL offloading.

Do you have any customers or experience dealing with this particular constraint?

Thanks !

Wim

Hi Wim,

If you are unable to do SSL termination, your available choices are limited to the L4 sticky methods only. This unfortunately means you can only do either source-ip stickiness or SSL id.

Regarding SSL id, you would need to confirm whether your application keeps using the same id after a disconnection (when it possibly changes proxy).

Daniel
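
Added example (not part of the original thread, and not Cisco's or the posters' code): a small simulation of the three sticky keys discussed above for one user whose requests arrive through different ISP proxies. The server names, addresses, session IDs and the round-robin choice for new entries are constructed assumptions.

```python
"""Constructed simulation of the three sticky keys discussed in this thread."""
SERVERS = ["rserver-a", "rserver-b", "rserver-c"]  # hypothetical server farm

# One user's requests as (source IP seen by the load balancer, SSL session ID).
# Constructed sample data: the ISP sends each request through a different proxy.
RESUMED = [("198.51.100.10", "sid-1"), ("198.51.100.11", "sid-1"),
           ("198.51.100.12", "sid-1")]   # client keeps the same SSL ID
ID_CHANGES = [("198.51.100.10", "sid-1"), ("198.51.100.11", "sid-2"),
              ("198.51.100.12", "sid-3")]  # new SSL ID after each reconnect


def servers_seen(method, hops):
    """Route one user's requests and return the server chosen for each."""
    table = {}     # sticky table: key -> server
    cookie = None  # cookie held by the browser; readable only after SSL termination
    seen = []
    for src_ip, ssl_id in hops:
        key = {"source-ip": src_ip, "ssl-id": ssl_id, "cookie": cookie}[method]
        server = table.get(key) if key is not None else None
        if server is None:
            # No sticky entry: pick the next server. With a single simulated
            # user, round-robin makes every miss land on a different server.
            server = SERVERS[len(table) % len(SERVERS)]
            if method == "cookie":
                cookie = key = "srv=" + server  # cookie inserted in the response
            table[key] = server
        seen.append(server)
    return seen


def is_sticky(method, hops):
    """True when every request of the session reached the same server."""
    return len(set(servers_seen(method, hops))) == 1


if __name__ == "__main__":
    for name, hops in (("SSL ID resumed", RESUMED), ("SSL ID changes", ID_CHANGES)):
        for method in ("source-ip", "ssl-id", "cookie"):
            print(f"{name:15} {method:10} {servers_seen(method, hops)}")
```

Source-IP stickiness breaks on every proxy change, SSL ID stickiness holds only while the client keeps the same ID, and the cookie holds in both cases but requires SSL termination.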