Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is it possible to redirect https traffic to http in CSM?

Hello,

I have a requirement to redirect https traffic to http. Is it possible to do that in the CSM?

In the CSM documentation all redirect examples/config etc refer only to http traffic so I am wondering if the other way around is supported as well.

BTW I have already tried it on the CSM and it is not working. Everytime I try to reach the https url I get "ERROR_INTERNET_SECURITY_CHANNEL_ERROR" on http watch.

Thanks for any help offered.

Murtaza

5 REPLIES
Cisco Employee

Re: Is it possible to redirect https traffic to http in CSM?

Murtaza,

you can only do that if you can decrypt the traffic and re-encrypt.

This is the purpose of SSL.

So, you need a CSM-S or a SSL Module or the ACE module.

Gilles.

New Member

Re: Is it possible to redirect https traffic to http in CSM?

Hello Gilles,

We do have a CSM-S but if I have understood you correctly we need to terminate SSL connection on the SSL-DC and create an HTTP one from CSM to the backend system.

This is more like SSL termination than redirect correct?

Thanks,

-Murtaza

Cisco Employee

Re: Is it possible to redirect https traffic to http in CSM?

you have to send the decrypted request back to the CSM which create a redirect, send it to the SSLM which re-encrypt and forward to the client.

Gilles.

New Member

Re: Is it possible to redirect https traffic to http in CSM?

Would you have a config example on how to do this on the CSM-S?

Thanks,

Murtaza

Cisco Employee

Re: Is it possible to redirect https traffic to http in CSM?

I don't have a config in hands for this.

I have done it before and know this is feasible.

The redirect is here :

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00802877f6.shtml

Just change the vip to be only accessible by the SSLM.

Create the appropriate redirect vserver.

On the SSLM, send the decrypted traffic to the vip address and port.

Just as if the Vip was a server.

Gilles.

380
Views
0
Helpful
5
Replies
CreatePlease login to create content