Cisco Support Community

New Member

CSS SSL L5 balancing

Hello

I have four servers that I want to load balance based on a URL, for both HTTP and HTTPS. Two are Tomcat and two are IIS, and I would like to use something like /jsp/* and /aspx/*. I can get the HTTP L5 rules set up just fine, but when I try to use port 443 with a layer 5 content rule I get nothing. The show flows command shows the external IP and the VIP, but 0.0.0.0 for the NAT IP. Is it possible to do what I'm trying to do?

My config is:

service iis1
  ip address 10.0.0.1
  active

service iis2
  ip address 10.0.0.2
  active

service tomcat1
  ip address 10.0.0.3
  active

service tomcat2
  ip address 10.0.0.4
  active

owner test
  content iis
    vip address 10.1.1.1
    url "/aspx/*"
    advanced-balance arrowpoint-cookie
    add service iis1
    add service iis2
    protocol tcp
    port 80
    active

  content iis_ssl
    vip address 10.1.1.1
    url "/aspx/*"
    advanced-balance ssl
    application ssl
    add service iis1
    add service iis2
    protocol tcp
    port 443
    active

Thanks in advance

Justin

3 REPLIES
Cisco Employee

Re: CSS SSL L5 balancing

Justin,

The SSL traffic is encrypted by definition.

So the CSS, or any other device, can't see the content of the traffic, including the URL.

The only way is to use the SSL module in combination with the server key and certificate.

Gilles.
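
The point in the reply above, as an added illustration that is not part of the original thread: a Python sketch of what a device in the path can read from the first bytes of a connection on port 80 versus port 443. The rule table mirrors the URL patterns from the question; the function names and both sample byte strings are constructed for this example, and this is not CSS code.

```python
import fnmatch

# URL patterns from the thread's Layer 5 content rules, mapped to server groups.
RULES = {"/aspx/*": "iis", "/jsp/*": "tomcat"}

TLS_HANDSHAKE = 0x16  # TLS record content type for handshake messages


def inspect_first_bytes(data: bytes) -> dict:
    """Report what a device in the path can read from a connection's first bytes."""
    # TLS record header: 1-byte content type, 2-byte version, 2-byte length.
    if len(data) >= 5 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        # Only handshake metadata is readable; the HTTP request comes later, encrypted.
        return {"kind": "tls", "url": None}
    # Plaintext HTTP: the request line "METHOD SP path SP HTTP/x.y" is readable.
    line = data.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    parts = line.split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        return {"kind": "http", "url": parts[1]}
    return {"kind": "unknown", "url": None}


def select_group(data: bytes):
    """Return the server group whose URL rule matches, or None if no URL is visible."""
    url = inspect_first_bytes(data)["url"]
    if url is None:
        return None
    for pattern, group in RULES.items():
        if fnmatch.fnmatchcase(url, pattern):
            return group
    return None


# Constructed sample inputs (not captured traffic).
HTTP_REQ = b"GET /aspx/login.aspx HTTP/1.1\r\nHost: 10.1.1.1\r\n\r\n"
# Record header (handshake, TLS 1.0, length 6) followed by a truncated ClientHello stub.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x06, 0x01, 0x00, 0x00, 0x02, 0x03, 0x01])

if __name__ == "__main__":
    for name, sample in (("port 80", HTTP_REQ), ("port 443", TLS_HELLO)):
        print(name, inspect_first_bytes(sample), "->", select_group(sample))
```

Until something holding the server key and certificate terminates the SSL session, the URL rule on port 443 has nothing to match against.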

New Member

Re: CSS SSL L5 balancing

Thanks for the response, Gilles. I've been working on doing that and I think I have it working, but the problem now is that we have some apps that look to make sure the conversation is secure and redirect if not. With the SSL module, it doesn't look like the servers will ever see whether or not the user is connecting via HTTPS. Is there any way around that?

New Member

Re: CSS SSL L5 balancing

It is possible to configure the CSS to use SSL for backend connections between it and the hosting web servers. It's either that or reconfigure the app, probably.
