
Destination https:// filtering with non ssl module?

Chris.Swan
Level 1

I am led to believe that it's possible to load balance to different destination web servers based on destination https:// addresses. I enclose my config, which is not yet up and running as I am stuck at this point:

I am using 2 11501’s without ssl modules in redundancy to load balance in the following way:

when going to HTTPS://10.220.216.50/InternetBanking go to IBANKING SERVER

when going to HTTPS://10.220.216.50/BLAST GO TO BLAST1 BLAST2 SERVERS

I think that I have correctly configured services and owners but I do not see how to perform the destination URL routing that I need.

If you can advise that would be great, and also if it is not possible I would like to know that too.

thanks

Sam

show run

!Generated on 09/14/2005 04:03:47

!Active version: sg0750103

configure

!*************************** GLOBAL ***************************

ip redundancy

app

app session 10.220.216.52

!************************** CIRCUIT **************************

circuit VLAN1

ip address 10.220.216.51 255.255.255.0

!************************** SERVICE **************************

service BLAST1

ip address 10.0.0.1

keepalive type ssl

active

service BLAST2

ip address 10.0.0.2

keepalive type ssl

active

service IBANKING

ip address 10.0.0.3

keepalive type ssl

active

!*************************** OWNER ***************************

owner BLAST

content HTTPS://BLAST

add service BLAST1

add service BLAST2

protocol tcp

port 443

application ssl

vip address 10.220.216.50

advanced-balance ssl

owner IBANKING

content HTTPS://IBANKING

add service IBANKING

protocol tcp

port 443

vip address 10.220.216.50

application ssl

advanced-balance ssl

CSS11501-TOP#

2 Replies

Gilles Dufour
Cisco Employee

Without the SSL module the CSS can't decode the HTTPS traffic [that's the purpose of HTTPS/SSL].

So the CSS does not see the URL and is not able to filter or take action based on the URL.

You need to buy a CSS11501-S to get the SSL module or buy a CSS1150[3|6] with an SSL module.

Regards,

Gilles.

I was hoping that the initial request that went through to the server was going to be clear then encrypted afterwards, but that is obviously not the case.

We were misinformed that this would work as we wanted, so we will now purchase the SSL module quickly.

thanks

sam
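
What a load balancer that passes TLS through without decrypting can actually read, as an added example that is not part of the original thread: it parses a constructed ClientHello for the cleartext session ID and server name (SNI, sent only for hostnames), then meets the HTTP request only as an opaque application-data record. The hostname `bank.example`, the byte values and all function names are assumptions made for illustration, and the example generalizes from the CSS to any device without SSL termination.

```python
import struct

def build_client_hello(session_id: bytes, host: bytes) -> bytes:
    """Constructed sample: a minimal TLS ClientHello record carrying SNI."""
    sni = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 0, len(sni)) + sni        # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32)                     # client version, 32-byte random
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", 2) + b"\x00\x2f"        # one cipher suite
            + b"\x01\x00"                               # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(hs: bytes) -> dict:
    """Extract the cleartext fields a pass-through device can read."""
    pos = 4 + 2 + 32                                    # handshake header, version, random
    sid_len = hs[pos]
    session_id = hs[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    pos += 2 + struct.unpack_from("!H", hs, pos)[0]     # skip cipher suites
    pos += 1 + hs[pos]                                  # skip compression methods
    sni, end = None, pos + 2 + struct.unpack_from("!H", hs, pos)[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", hs, pos)
        if etype == 0:                                  # server_name extension
            nlen = struct.unpack_from("!H", hs, pos + 7)[0]
            sni = hs[pos + 9:pos + 9 + nlen].decode()
        pos += 4 + elen
    return {"session_id": session_id.hex(), "sni": sni}

def visible_without_decryption(stream: bytes) -> dict:
    """Walk the TLS records of a client byte stream; report only readable metadata."""
    seen, pos = {"session_id": None, "sni": None, "opaque_record_lengths": []}, 0
    while pos + 5 <= len(stream):
        rtype, _version, rlen = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + rlen]
        if rtype == 22 and payload[:1] == b"\x01":      # handshake record, ClientHello
            seen.update(parse_client_hello(payload))
        elif rtype == 23:                               # application data: ciphertext
            seen["opaque_record_lengths"].append(rlen)
        pos += 5 + rlen
    return seen

# Constructed client stream: ClientHello, then one application-data record whose
# 48 filler bytes stand in for the encrypted "GET /InternetBanking ..." request.
SAMPLE = (build_client_hello(bytes(range(32)), b"bank.example")
          + b"\x17\x03\x03" + struct.pack("!H", 48) + bytes([0xA5]) * 48)
```

Both URLs in the question share one address and differ only in the path, so even the server name would not separate them; the path travels inside the encrypted record, of which only the length is readable.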