cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
479
Views
0
Helpful
4
Replies

CSM - HTTP to HTTPS on same CSM

krebsedmc
Level 1
Level 1

Greetings all,

I have 2 challenges

1) redirect port 80 to 443 on same CSM

2) Allow 443 in directly to the same server that port 80 is being redirected to.

Essentially we have some sites that were converted to HTTPS, but there are legacy users who still have port 80 bookmarked.

I am getting confused with where the command redirect-vserver points. Most of the examples are for SiteA to SiteB connectivity - so you could assume the redirect-vserver points to a VIP on a different CSM (that would be easy).

My issue is that these all live on the same CSM. When I create a vserver TEST_443 tcp 443 and try to point the redirect-vserver to it, I get an error message:

% Virtual server TEST_443 is already configured as a Redirect vserver.

How do you perform same CSM TCP Port redirection is my question?

Also, to challenge #2 above, I also need to allow in 443 directly. This would normally be no big deal, but with the redirection, I am getting a bit confused.

Thanks for any and all replies.

4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

you can do it.

Just do not use the same name for the redirect-vserver and the vserver.

Gilles.

gdufour,

Thanks for replying, I tested in the Lab and everything is working.

Sometimes the stupid things kill you....

Thanks!!!!

I have exactly same scenario as Kenneth has described above. But I have CSM module without SSL daughter card. So, first I want to confirm that does CSM alone(without SSL daughter card) support HTTPS requsts? Can I connect servers listning at port 443(HTTPS port) to this CSM?

Here is the configuration I have created for this. Could someone verify that this can work for above mentioned scenario before I can implement this in production. (Unfortunatly No facility for Lab Check). Thanx in advance.

**CONFIGURATION FOR HTTPS**

serverfarm HTTPSFARM

nat server

no nat client

real 172.16.23.81 443

inservice

real 172.16.23.82 443

inservice

!

vserver HTTPSVIP

virtual 10.20.221.100 tcp 443

serverfarm HTTPSFARM

persistent rebalance

inservice

!

!

**CONFIGURATION FOR REDIRECTING HTTP to HTTPS**

!

map SPORTMAP url

match protocol http://gspme.com*

!

serverfarm REDIRECTFARM

nat server

no nat client

redirect-vserver HTTPSVIP

webhost relocation https://gspme.com 301

inservice

!

serverfarm HTTPFARM

nat server

no nat client

real 172.16.23.81

inservice

real 172.16.23.82

inservice

!

policy SPORTPOLICY

url-map SPORTMAP

serverfarm REDIRECTFARM

!

vserver HTTPVIP

virtual 10.20.221.100 tcp www

serverfarm HTTPFARM

persistent rebalance

slb-policy SPORTPOLICY

inservice

!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: