Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
589
Views
10
Helpful
4
Replies

CSM Redirect problem

carlsond
Level 1
Level 1

‎11-02-2005 12:33 PM

I am trying to redirect HTTP traffic as SSL when users use the wrong URL. The standard SSL config works fine but as soon as I add the policy to the VSERVER nothing works and I get a "cannot find server" message.

map test-http url

match protocol http url abc.company.com*

serverfarm test-redir

redirect-vserver test-http-https

webhost relocation abc.company.com%p

ssl 10000

inservice

policy TEST-REDIR

url-map TEST-HTTP

serverfarm TEST-REDIR

serverfarm P-TEST-E

nat server

no nat client

real 10.6.0.16

inservice

real 10.6.0.17

inservice

vserver P-EINVOICE-E

virtual 10.129.59.50 tcp 10000

serverfarm P-TEST-E

sticky 240 group 2

persistent rebalance

slb-policy TEST-REDIR

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-03-2005 04:50 AM

at first glance I would say this looks ok.

Capture a sniffer trace and see if you get a redirect.

Do a 'sho mod csm X vserver name P-EINVOICE-E detail' and verify if you have hits on your slb policy.

Is the traffic coming on port tcp 10000 is HTTP or HTTPS ???

If HTTPS you can't use the policy with a url-map and you can't use a redirect.

HTTPS traffic being encrypted the CSM is unable to read it or modify it.

Regards,

Gilles.

Thanks for rating this answer.

0 Helpful

j-beltzner
Level 1
Level 1
In response to Gilles Dufour

‎11-03-2005 08:12 AM

We do something simialr mroe for asthetics then anything. I use the below method. All it does it redirect the port really via url redirect. You should eb able to append the desired port numeber to the Url. Maybe I read your request wrong.

serverfarm CSG

nat server

no nat client

predictor leastconns

real name PRD01

inservice

real name PRD02

inservice

health retries 30 failed 300

probe SSL-CSG

!

serverfarm CSG-REDIR

nat server

no nat client

redirect-vserver CSG-REDIR

webhost relocation https://csg.oxo.com

inservice

!

vserver CSG-80

virtual 192.168.9.160 tcp www

serverfarm CSG-REDIR

persistent rebalance

inservice

!

vserver CSG-SSL

virtual 192.168.9.160 tcp https

replicate csrp sticky

replicate csrp connection

no persistent rebalance

slb-policy CSG-SSL

inservice

0 Helpful

carlsond
Level 1
Level 1
In response to j-beltzner

‎11-03-2005 10:28 AM

Thanks to both of you but I think what I'm trying to do can't be done. In my example abc.company.com is using the VIP 10.129.59.50. What I want to happen is for https requests to use the VIP and be load balanced. Http requests should be redirected as https requests and hit the VIP again. The result of my configuration is a request comes in, the https requests don't match the policy and get dumped, http gets redirected to https hits the VIP again and gets dumped because now it is https which does not match the policy. Does anyone have an idea as to how to get around this?

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to carlsond

‎11-04-2005 01:01 AM

the solution must come from the server side.

The CSM would not be able to do this as it expects traffic to be either HTTPs or HTTP.

Regards,

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents