Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

port change from 443 to 9000

Hi,

I have a server which listens on port 9000. Clients connects to ACE on port 443 as ssl connection.

How to configure ACE to send the request it receives on port 443 to port 9000 on server?

I have ssl offloading configured on ACE.

Users access https://extranet.abc.com/sonarringo and hits the ACE. ACE redirects client to https://extranet.abc.com/sonarringo which again hits ACE.

ACE sends the request to server on port 9000.But this is not working somehow.

When I see connection on ACE, i see return connection from server to ACE on port 443 and in INIT state whereas it should come on port 9000.

SSL offloading is working fine as other links on same website are working fine.

Below is the config..can anyone suggest?

probe tcp adc_ringodashboard

  port 9000

  interval 5

  passdetect interval 5

  connection term forced

rserver redirect adc_sonarringo-redir

  webhost-redirection

  https://extranet.abc.com/sonarringo/

  inservice

             

rserver host adc_sonarringo

  ip address 10.140.223.223

  inservice

serverfarm host adc_sonarringo-fwd

  probe adc_ringodashboard

  rserver adc_sonarringo 9000

    inservice

class-map type http loadbalance match-any adc_sonarringo-redir

  2 match http url /sonarringo

class-map type http loadbalance match-any adc_sonarringo-fwd

  2 match http url /sonarringo/*

  3 match http url /sonarringo/.*

policy-map type loadbalance first-match ssl-extranet

class adc_sonarringo-redir

    serverfarm adc_sonarringo-redir

  class adc_sonarringo-fwd

    serverfarm adc_sonarringo-fwd

policy-map multi-match external-lb

    class ssl-extranet

    loadbalance vip inservice

    loadbalance policy ssl-extranet

    loadbalance vip icmp-reply active

    nat dynamic 1 vlan 368

    appl-parameter http advanced-options case_param

    ssl-proxy server extranet

parameter-map type http case_param   This parameter is applied in multimatch policy.

  case-insensitive

  no persistence-rebalance

  set header-maxparse-length 65535

  set content-maxparse-length 65535

  length-exceed continue

5 REPLIES

port change from 443 to 9000

Nish,

Could you explain more in detail what you are trying to accomplish with this?

Currently what you have is something like this

https://extranet.abc.com/sonarringo ----> https://extranet.abc.com/sonarringo

But I think this may cause a loop

Please explain what you are looking for

Jorge

Community Member

port change from 443 to 9000

Hi Jorge,

Users connect to server with https://extranet.nl.capgemini.com/sonarringo which hits the ace and ace redirects clinet to https://extranet.nl.capgemini.com/sonarringo/ which eventually again hit the ACE and this time ACE matches another layer 7 class (adc_sonarringo-fwd) and passes the traffic to server. Server should reply back to client with webpage.

This config is converted from existing CSS configuration which was working fine with CSS and similar config works for other applications.

If I create a action list which converts http request header from extranet.nl.capgemini.com to extranet.nl.capgemini.com:9000, i can see connection established onn ACE and i see similar URL in client browser which i get wen directed connecting to site (header value changed) but still i cant see webpage properly.

Community Member

port change from 443 to 9000

Hi,

What I need to know what is the way to convert such SSL request to ports other than 80 as 9000 in my case without opening such ports on firewalll from outside world to my network?

I think Its something related to class map and reg ex.....

Community Member

port change from 443 to 9000

Hi,

The issue is resolved. Issue was with difference of behaviour between ACE and CSS.

In CSS, redirection link https://extranet.abc.com/sonarringo/ was enough to make it work but ACE required more detailed redirection link...https://extranet.abc.com/sonarringo/new/form ...After changing redirection string, it started working.

Thanks for help...

port change from 443 to 9000

Nish,

It sounds great!

Jorge

429
Views
0
Helpful
5
Replies
CreatePlease to create content