I am having a heck of a time getting SSL Offloading and load balancing to work with a product from a company called internet Dashboard. I really believe the isses to be the APP.
I have the SSL offloading configured and it works. The load balancing is straight forward and working as well. The setup is two servers and the DB server (not involoved in LB or SSL) in our DMZ. The 11501's (in an ASR pair) are one armed into the DMZ switches. Everything is cross connected in the switching environment. Proxy-Arp is disabled. Config is attached and showing good Cert associations.
What has been happening is we will get a loss of connection between the App servers and the DB server resulting in a General Network Error (Microsoft's latest equivilant to the famous General Protection Fault). This now appears to have been a problem with Win2K3 and SP2 and Broadcom drivers and was eliminated with a driver upgrade and disabling 'Chimney Offloading" on the servers.
Now, when I place the servers behind the 11501s and enable the SSL, I get a "Bad Request (Invalid Hostname)" error right after the cert exchange. However, when I go directly to the server by IP and bypass the VIP and SSL, it works fine.
This leads me to believe there is a DNS issue or other App based problem, but as I'm the only one who works with the CSSs here, I would like a second opinion.
Can anyone see something I have overlooked? I would appreciate any comments.
One last thing about the config. I know I have all the services, content and group suspended. I've had to back out the SSL termination and LB - again.
Thanks for the quick answer. You are correct, the problem occurs in a browser and it is Firefox. The cert is not chained, just a standard server cert and key pair. Funny thing is it would work for a while and then the error issues. No reason for the application to stop. iD (product author) has been less than helpful.
Your three recommendations make sense. I have made them. I'll give it another shot and see what happens.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...