I have the attached config where basically I want to have 2 VIPs so that for port 80, it just forwards to the servers. For 443, it should offload the SSL and send it cleartext to port 7778 (for VIP 126.96.36.199) and to port 7777 (for VIP 188.8.131.52).
SSL Hand shaking starts between the browser and the SLB and seems to complete OK, but there seems to be nothing going on between the SLB and the server... I suspect my configuration is not right for the SSL offload part...
Your answer did not solve the issue but pointed me in the right direction.
In addition to changing to a VIP on the ssl-server cipher entries, tt looks like to me that there needed to be a content rule for the 7777 and 7778 ports (not there in my original config), so it didn't know what to do with traffic back to the SLB on those ports.
I'm posting the working config for future searches if someone happens to google or search and find this.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...