Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

CSM Redirect problem

I am trying to redirect HTTP traffic as SSL when users use the wrong URL. The standard SSL config works fine but as soon as I add the policy to the VSERVER nothing works and I get a "cannot find server" message.

map test-http url

match protocol http url abc.company.com*

serverfarm test-redir

redirect-vserver test-http-https

webhost relocation abc.company.com%p

ssl 10000

inservice

policy TEST-REDIR

url-map TEST-HTTP

serverfarm TEST-REDIR

serverfarm P-TEST-E

nat server

no nat client

real 10.6.0.16

inservice

real 10.6.0.17

inservice

vserver P-EINVOICE-E

virtual 10.129.59.50 tcp 10000

serverfarm P-TEST-E

sticky 240 group 2

persistent rebalance

slb-policy TEST-REDIR

4 REPLIES
Cisco Employee

Re: CSM Redirect problem

at first glance I would say this looks ok.

Capture a sniffer trace and see if you get a redirect.

Do a 'sho mod csm X vserver name P-EINVOICE-E detail' and verify if you have hits on your slb policy.

Is the traffic coming on port tcp 10000 is HTTP or HTTPS ???

If HTTPS you can't use the policy with a url-map and you can't use a redirect.

HTTPS traffic being encrypted the CSM is unable to read it or modify it.

Regards,

Gilles.

Thanks for rating this answer.

New Member

Re: CSM Redirect problem

We do something simialr mroe for asthetics then anything. I use the below method. All it does it redirect the port really via url redirect. You should eb able to append the desired port numeber to the Url. Maybe I read your request wrong.

serverfarm CSG

nat server

no nat client

predictor leastconns

real name PRD01

inservice

real name PRD02

inservice

health retries 30 failed 300

probe SSL-CSG

!

serverfarm CSG-REDIR

nat server

no nat client

redirect-vserver CSG-REDIR

webhost relocation https://csg.oxo.com

inservice

!

vserver CSG-80

virtual 192.168.9.160 tcp www

serverfarm CSG-REDIR

persistent rebalance

inservice

!

vserver CSG-SSL

virtual 192.168.9.160 tcp https

replicate csrp sticky

replicate csrp connection

no persistent rebalance

slb-policy CSG-SSL

inservice

New Member

Re: CSM Redirect problem

Thanks to both of you but I think what I'm trying to do can't be done. In my example abc.company.com is using the VIP 10.129.59.50. What I want to happen is for https requests to use the VIP and be load balanced. Http requests should be redirected as https requests and hit the VIP again. The result of my configuration is a request comes in, the https requests don't match the policy and get dumped, http gets redirected to https hits the VIP again and gets dumped because now it is https which does not match the policy. Does anyone have an idea as to how to get around this?

Cisco Employee

Re: CSM Redirect problem

the solution must come from the server side.

The CSM would not be able to do this as it expects traffic to be either HTTPs or HTTP.

Regards,

Gilles.

245
Views
10
Helpful
4
Replies
CreatePlease to create content