Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS. loosing login/pass info due to redirection http -> https

Hi,

I have sort of a problem with CSS 11501 (ios 8.20.1.01).

The desigh is:

client(http) -internet-> router -> checkpoint(nat) -> css -> backe-end server. CSS, checkpoind, back-end server are in the same subnet. CSS performs SSL termination.

I want to have automatic redirection from http to https, so when the remote client connects to CSS with http he's redirected to https. The client enter login/pass info but this info is lost after redirection and it's nesessary to enter login/pass again.

Note: If I connect to https directly I'm able to login without problems.

CSS config:

!************************** CIRCUIT **************************

circuit VLAN112

ip address 10.112.0.3 255.255.0.0

circuit VLAN114

ip address 10.114.0.3 255.255.0.0

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list rrssl1

ssl-server 1

ssl-server 1 dhparam ...

ssl-server 1 rsacert ...

ssl-server 1 rsakey ...

ssl-server 1 cipher rsa-export1024-with-des-cbc-sha 10.112.0.107 80

ssl-server 1 vip address 10.112.0.241

!************************** SERVICE **************************

service secure-transfer

type redirect

no prepend-http

ip address 2.2.2.2

keepalive type none

domain "https://test1.abc.com"

active

service sslservice

type ssl-accel

add ssl-proxy-list rrssl1

slot 2

keepalive type none

active

!*************************** OWNER ***************************

owner test

content default-redirect

protocol tcp

port 80

url "/*"

vip address 10.112.0.241

add service secure-transfer

active

content ssl-rule

protocol tcp

port 443

add service sslservice

vip address 10.112.0.241

active

Tnx a lot in advance for any comments.

2 REPLIES
Cisco Employee

Re: CSS. loosing login/pass info due to redirection http -> http

the CSS itself is not involved in the login process.

If you have to login in HTTP, it means the login is requested before you get to the CSS.

[the CSS would just forward a redirect and will not request any login and will not connect to the server].

So, the checkpoint firewall is probably doing the login.

You should check there for help.

Gilles.

New Member

Re: CSS. loosing login/pass info due to redirection http -> http

The back-end server performed authentication after redirection http -> https, the firewall does no authentication. The problem was solved , unfortunatly it was not an issue that could be resolved via the css. We had to resort to manually editing the html file.

116
Views
5
Helpful
2
Replies
CreatePlease login to create content