Cisco Support Community

New Member

Using the CSM to setup a HTTPS session on non-standard ports?

Hi Guys,

One of our clients wants to set up an SSL connection on a non-standard SSL port, i.e. 4444 to begin with. Here the server handles the SSL encryption / decryption instead of the SSL module.

I've found the following config to work well:

serverfarm FARM-MOBS-4444
 nat server
 no nat client
 predictor leastconns
 failaction purge
 real 130.194.12.81 4444
  inservice
 real 130.194.12.84 4444
  inservice
 probe MOBS-4444
!
sticky 108 netmask 255.255.255.255 timeout 60
!
vserver VMOBS-PROD-4444
 virtual 130.194.11.51 tcp https
 serverfarm FARM-MOBS-4444
 sticky 60 group 108
 persistent rebalance
 inservice
!

With the above setup the CSM redirects the SSL connections (received on 443) to port 4444 on the server and maintains this for the duration of the session.

While the above setup works, is it possible to configure the VIP to use an HTTPS port other than 443 (which is the default)? This would then allow for separate HTTPS paths to be set up on non-standard ports. I ask this since the client also wants to set up an HTTPS path on port 4443 as well.

Any ideas would be useful.

thanks

Sheldon

4 REPLIES
New Member

Re: Using the CSM to setup a HTTPS session on non-standard ports

Hi Sheldon,

You can use a 'non standard' port for SSL termination. It works without problem.

regards,

martin

New Member

Re: Using the CSM to setup a HTTPS session on non-standard ports

Hi Martin,

Do you mean using the SSL module to perform the encryption / decryption? If so, I've tried this and it does work without an issue.

I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.

thanks

Sheldon

New Member

Re: Using the CSM to setup a HTTPS session on non-standard ports

Hi Sheldon,

I thought of using a non-standard port (4443), where encryption/decryption is done on the real servers. The CSM only 'forwards' traffic to the real server (using NAT/PAT, because the VIP and rserver ports are different - vip:4443/443, rserver:4444).

(btw: you can use non standard port with SSL termination on the SSL module too)

martin
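The setup described in the reply above (VIP on 4443, real servers on 4444, SSL handled by the real servers), written out as an added example that is not part of the original thread. The vserver name VMOBS-PROD-4443 and sticky group 109 are assumptions; the serverfarm, probe name and addresses are taken from the first post.

```cisco
! Added example, not from the thread.
! Assumed names: vserver VMOBS-PROD-4443, sticky group 109.
! The CSM does not decrypt here: it load-balances the TCP connection
! and the real servers terminate SSL themselves on port 4444.
!
serverfarm FARM-MOBS-4444
 nat server
 no nat client
 predictor leastconns
 failaction purge
 ! The explicit port on each real makes the CSM translate the
 ! VIP port (443 or 4443) to 4444 on the way to the server.
 real 130.194.12.81 4444
  inservice
 real 130.194.12.84 4444
  inservice
 probe MOBS-4444
!
! Source-IP stickiness, one group per VIP port.
sticky 108 netmask 255.255.255.255 timeout 60
sticky 109 netmask 255.255.255.255 timeout 60
!
! Existing VIP from the first post: listens on 443.
vserver VMOBS-PROD-4444
 virtual 130.194.11.51 tcp https
 serverfarm FARM-MOBS-4444
 sticky 60 group 108
 persistent rebalance
 inservice
!
! Second VIP on the same address: listens on 4443 instead of 443.
vserver VMOBS-PROD-4443
 virtual 130.194.11.51 tcp 4443
 serverfarm FARM-MOBS-4444
 sticky 60 group 109
 persistent rebalance
 inservice
!
```

Because the CSM never sees the cleartext in this design, certificate and cipher configuration stay entirely on the real servers, and any firewall or ACL in front of the VIP has to permit the additional port.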

New Member

Re: Using the CSM to setup a HTTPS session on non-standard ports

Hi Martin,

I confused myself - yup it all works fine on the CSM now!

thanks

Sheldon
