My web application config has a Cisco ACE load balancing across a server farm and I want to use the ACE as an SSL endpoint as well. To make this work, the network architect has come up with a design where all secure pages have to be served from secure.my-domain.com, while non-secure pages are served up from www.my-domain.com. The reason for this is apparently that configuring the Cisco ACE to accept HTTPS requests on port 443 for a particular public IP prevents the simultaneous acceptance of HTTP requests on port 80 for the same IP. While I'm not a networking (or Cisco) expert, this seems to be intuitively wrong, as it would prevent any website using the Cisco ACE to serve pages on http://www.my-domain.com and https://www.my-domain.com simultaneously. In this situation, my questions are:
- Is this truly a limitation of the Cisco ACE when used as an SSL endpoint?
- If not, then can I assume that we can set up the ACE to accept connections for a particular IP on ports 80 and 443, and function as an SSL endpoint for the incoming requests on 443? Links to appropriate documentation most welcome here.
- Assuming the setup in the previous question, can I then redirect both sets of requests to the same server farm on the same port?
This is not true. You can configure an ACE to load balance both HTTP and HTTPS traffic to the same VIP.
Example config:
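A sketch of such a setup, added here as an illustration and not the answerer's own configuration: one VIP matched on ports 80 and 443, SSL terminated on the ACE for 443, and both classes sent to the same server farm on port 80. Every name, IP address and key/certificate file name is a placeholder; interface addressing and ACLs are omitted.

```cisco
! Added example, all names and addresses are placeholders.
! SSL termination: key pair and certificate previously imported to the ACE.
ssl-proxy service SSL_TERMINATE
  key PLACEHOLDER_KEY.pem
  cert PLACEHOLDER_CERT.pem

rserver host WEB1
  ip address 10.0.0.11
  inservice
rserver host WEB2
  ip address 10.0.0.12
  inservice

! Real servers listen on plain HTTP only.
serverfarm host WEBFARM
  rserver WEB1 80
    inservice
  rserver WEB2 80
    inservice

! Same virtual address, two L4 classes: one per port.
class-map match-all VIP_HTTP
  2 match virtual-address 192.0.2.10 tcp eq 80
class-map match-all VIP_HTTPS
  2 match virtual-address 192.0.2.10 tcp eq 443

! One L7 load-balancing policy shared by both classes.
policy-map type loadbalance first-match LB_WEB
  class class-default
    serverfarm WEBFARM

policy-map multi-match CLIENT_VIPS
  class VIP_HTTP
    loadbalance vip inservice
    loadbalance policy LB_WEB
  class VIP_HTTPS
    loadbalance vip inservice
    loadbalance policy LB_WEB
    ! Decrypt on the ACE before load balancing to WEBFARM.
    ssl-proxy server SSL_TERMINATE

interface vlan 100
  service-policy input CLIENT_VIPS
  no shutdown
```

With this layout the traffic between the ACE and the real servers is cleartext HTTP, so that segment has to be a trusted network, and the application cannot tell from the connection alone whether the client request arrived over HTTPS.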