Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS. loosing login/pass info due to redirection http -> https


I have sort of a problem with CSS 11501 (ios

The desigh is:

client(http) -internet-> router -> checkpoint(nat) -> css -> backe-end server. CSS, checkpoind, back-end server are in the same subnet. CSS performs SSL termination.

I want to have automatic redirection from http to https, so when the remote client connects to CSS with http he's redirected to https. The client enter login/pass info but this info is lost after redirection and it's nesessary to enter login/pass again.

Note: If I connect to https directly I'm able to login without problems.

CSS config:

!************************** CIRCUIT **************************

circuit VLAN112

ip address

circuit VLAN114

ip address

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list rrssl1

ssl-server 1

ssl-server 1 dhparam ...

ssl-server 1 rsacert ...

ssl-server 1 rsakey ...

ssl-server 1 cipher rsa-export1024-with-des-cbc-sha 80

ssl-server 1 vip address

!************************** SERVICE **************************

service secure-transfer

type redirect

no prepend-http

ip address

keepalive type none

domain ""


service sslservice

type ssl-accel

add ssl-proxy-list rrssl1

slot 2

keepalive type none


!*************************** OWNER ***************************

owner test

content default-redirect

protocol tcp

port 80

url "/*"

vip address

add service secure-transfer


content ssl-rule

protocol tcp

port 443

add service sslservice

vip address


Tnx a lot in advance for any comments.

Cisco Employee

Re: CSS. loosing login/pass info due to redirection http -> http

the CSS itself is not involved in the login process.

If you have to login in HTTP, it means the login is requested before you get to the CSS.

[the CSS would just forward a redirect and will not request any login and will not connect to the server].

So, the checkpoint firewall is probably doing the login.

You should check there for help.


New Member

Re: CSS. loosing login/pass info due to redirection http -> http

The back-end server performed authentication after redirection http -> https, the firewall does no authentication. The problem was solved , unfortunatly it was not an issue that could be resolved via the css. We had to resort to manually editing the html file.

CreatePlease login to create content