CSS SSL-proxy sends wrong port # embeded in HTTP Host Header
Load balancing works fine and so does SSL offloading. Sniffer traces show that host header sent to the server on TCP 81 has no port number appended to it as required by the HTTP RFC.
In current configuration, verified by a sniffer, TCP 443 hits the content rule and it sent to the SSL-PROXY where it is sent on TCP 81 clear text to the server. The server is listening on TCP 81 and the website reachable. Some scripts were failing so I checked the HTTP HOST Header tag in a sniffer trace and found that although I am sending it to TCP 81, the host header says:
When according to the RFC and other sniffer traces to working servers (not load balanced) it should show:
Is this a configuration problem, bug or feature? :)
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...