Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

is it a bad idea to put both ports 443 and 80 in the same class map, when load-balancing using the ACE.

We are configuring an ACE 4710, and it is pretty straightforward, in that it is balancing http, and https traffic to a number of servers, ssl termination is on the Load balancer itself.

The question is - is it a bad idea to match both port 80 and 443 in the same class map - especially when they will be configured with the same load-balancing policy. 

 

If so, why?

 

thanks for any help you can give us.

 

1 REPLY

No I do not think it is, I

No I do not think it is, I have used both www and https on the same class-map the same VIP, lots of times - you could be providing different services on these ports anyway. It's probably good that you are doing the ssl offloading from servers, one scenario I can think of at the moment of it being bad is if you present http connections to a server that is vulnerable to attacks etc... from a less secure port.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
51
Views
0
Helpful
1
Replies
CreatePlease login to create content