09-14-2005 03:37 AM
I am led to believe that it's possible to load balance to different destination webs servers based on destination https:// adresses. I enclose my config which is not yet up and running as I am stuck at this point:
I am using 2 11501s without ssl modules in redundancy to load balance in the following way:
when going to HTTPS://10.220.216.50/InternetBanking go to IBANKING SERVER
when going to HTTPS://10.220.216.50/BLAST GO TO BLAST1 BLAST2 SERVERS
I think that I have correctly configured services and owners but I do not see how to perform the destination url Routing that I need.
If you can advise that would be great and also if it is not possible i would like to know that too.
thanks
Sam
show run
!Generated on 09/14/2005 04:03:47
!Active version: sg0750103
configure
!*************************** GLOBAL ***************************
ip redundancy
app
app session 10.220.216.52
!************************** CIRCUIT **************************
circuit VLAN1
ip address 10.220.216.51 255.255.255.0
!************************** SERVICE **************************
service BLAST1
ip address 10.0.0.1
keepalive type ssl
active
service BLAST2
ip address 10.0.0.2
keepalive type ssl
active
service IBANKING
ip address 10.0.0.3
keepalive type ssl
active
!*************************** OWNER ***************************
owner BLAST
content HTTPS://BLAST
add service BLAST1
add service BLAST2
protocol tcp
port 443
application ssl
vip address 10.220.216.50
advanced-balance ssl
owner IBANKING
content HTTPS://IBANKING
add service IBANKING
protocol tcp
port 443
vip address 10.220.216.50
application ssl
advanced-balance ssl
CSS11501-TOP#
09-14-2005 05:15 AM
without the SSL module the CSS can't decode the HTTPS traffic [that's the purpose of HTTPS/SSL].
so the CSS does not see the url and is not able to filter or take action based on the url.
You need to buy a CSS11501-S to get the SSL module or buy a CSS1150[3|6] with an SSL module.
Regards,
Gilles.
09-14-2005 05:34 AM
i was hoping that the initial request that went through to the server was going to be clear then encrypted afterwards but that is obviously not the case.
we were misinformed that this would work as we wanted so we will now purchase the ssl module quickly.
thanks
sam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide