I have having issues using SSL termination. When I configure regular http all works fine, but when I switch to SSL termination I see resets in the packet capture (capture run on the client machine). I ran the crypto verify command to confirm the key and the cert match which they did.
ssl-proxy service mydomain.org key mydomain cert STAR.mydomain.ORG.crt ssl advanced-options mydomain.org
class-map type management match-any remote_access 201 match protocol xml-https any 202 match protocol icmp any 203 match protocol telnet any 204 match protocol ssh any 205 match protocol http any 206 match protocol https any 207 match protocol snmp any class-map match-all test.mydomain.org 2 match virtual-address 220.127.116.11 tcp eq https
policy-map type management first-match remote_mgmt_allow_policy class remote_access permit
policy-map type loadbalance first-match test.mydomain.org-l7slb class class-default serverfarm test_servers
policy-map multi-match int1000-n2 class test.mydomain.org loadbalance vip inservice loadbalance policy test.mydomain.org-l7slb ssl-proxy server mydomain.org
interface vlan 1000 description inside interface ip address 18.104.22.168 255.255.255.0 peer ip address 22.214.171.124 255.255.255.0 access-group input ALL service-policy input remote_mgmt_allow_policy service-policy input int1000-n2 no shutdown interface vlan 3126 description "outside interface" ip address 126.96.36.199 255.255.255.0 peer ip address 188.8.131.52 255.255.255.0 access-group input ALL service-policy input remote_mgmt_allow_policy service-policy input int1000-n2 no shutdown
ft interface vlan 100 ip address 192.168.5.106 255.255.255.252 peer ip address 192.168.5.105 255.255.255.252 no shutdown
ft peer 1 heartbeat interval 300 heartbeat count 10 ft-interface vlan 100 query-interface vlan 1000 ft group 1 peer 1 associate-context Admin inservice
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...