Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSL configuration problem


Presently we are using port 80 for all of our web traffic. This is how the client would connect to our eportal, first they would enter the portal and hit the LB (load balancers) then would be redirected to the Contect acceleators, then back to the the load balancers, then to the reverse proxies, then to the web servers, ( iknow you must be thinking why, its becuase its a very secure customer)

When going through on port 80 everything works fine, but when i try and switch to port 443 this is were i am having the problem. it just doen't work. page errors etc.

This is my network config; front end firewall (Nokia) redundent LB's, redundent SCA (these are in parellel to the front end LB's) then a redundent PIX firewall to seperate the front webservers from the back end apps servers etc. then redundent back end LB's and then redundent PIX firewalls for the management network.

Cisco Employee

Re: SSL configuration problem

if you do a 'show summary' on the CSS, do you see a hits on the 443 content rules, on the the content rule from the SCA to the reverse proxy and on the content rule from reverse proxy to web ?

If not, check where the traffic is stopped.

Also, how do make redundancy with the SCA ?

Are they both active in the same VLAN ?

What's the config of the SCA and CSS ?


New Member

Re: SSL configuration problem

Gilles thank again for the response,

The SCA are redundent, they are on two different vlans, active & passive. As the same goes for the CSS's. I have resolved the issue on this one, it was the application that causing the problem. along with the RP's. I had created add services for the port 443 and the created content rules, added the appropriate add service to this rule. Some reason it just didn't work. will see if it holds up.