Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Redirect port 80 to port 443

We are using Novell's iChain services for authentication of remote users. We need resilience and the CSS11051 was recommended by Cisco using WebNS4.01.

The user after presenting their digital cerficate, will get redirected from port 80 to port 443. Another requirement is that there be stickiness configured based on the SSL session ID.

Has anyone done this configuration before and gotten it to work correctly.

2 REPLIES
New Member

Re: Redirect port 80 to port 443

You can provide resilience a number of ways with the CSS products and this enables it to provide many solutions - although you should look at using a later version of code than 4.01 - Check CCO for latest.

The CSS can stick on SSL session id, but this is not really practical in the real world due to an issue with Microsift explorer, where it renegotiates the SSL session id every few minutes. (Netscape is fine). So unless you can guarantee that you user base will run only Netscape browsers :) , SSL sticky will not work.

A preferred method is to incorporate an SSL offload device into the design - this enables several benefits:

Offload SSL processing from your servers

Provide SSL redundancy (several SSL offload devices can be used in a cluster)

Provide sticky for SSL - this is because the SSL session is terminated on the SSL device and then passed back to the real server as cleartext, so you can now stick based on a whole range of attributes - URL, cookie etc.

To work effectively, this needs to be incorporated into your content switch design.

Regards,

Darren.

New Member

Re: Redirect port 80 to port 443

Thanks Darren, I will test your suggestion.

264
Views
5
Helpful
2
Replies
CreatePlease login to create content