Source NAT
1. Create a NAT Pool for SSL offload and assign it to VRID 2. Verify the configuration.
ip nat pool NAT-SSL 200.0.0.22 200.0.0.22 netmask /24 vrid 2
show ip nat pool
SSL Template
4. Create a client SSL template (TP-CSSL). Add the certificate and key. Verify.
slb template client-ssl TP-CSSL
cert CT-CERT1
key CT-CERT1
show slb template client-ssl TP-CSSL
Verifying functionality
8. In your browser open another tab and connect to https://100.0.0.22/
9. Accept the self-signed certificate to generate the It works! page.
10. Reload the page a few times. All images should come from the same server.
11. Verify the certificate sent from the ACOS device.
Right-click on the It works! page
Select View Page Info
Click Certificate information to see the certificate
The certificate should display the information you previously entered
12. Verify the cookie sent from the ACOS device.
Right-click on the It works! web page
Select Inspect
Select Resources in the menu bar
Expand Cookies in the vertical Resource list.
Recognize the cookie.
13. Open an http (NOT https) browser connection to http://100.0.0.22/
This demonstrates the effect of attempting to connect to the virtual server by http
instead of https.
It should eventually time out. The next section solves that problem transparently.
15. Open VIP-SSL, add port 80 http, then apply the redirect1 aFlex script to the port:
slb virtual-server VIP-SSL
port 80 http
aflex AF-RDRCT
16. Display contents of the redirect script, which was applied on port 80. What does it do?
show aflex AF-RDRCT
17. Examine the state of the VIP:
show slb virtual-server VIP-SSL
18. Verify that ACOS displays the following states:
VIP-SSL: Functional Up
virtual port 443: All Up
virtual port 80: Functional Up
The port 80 configuration only binds the aFlex script to the port, so both the VIP and the
HTTP port report a status of Functional Up. Typically, UP status requires the following:
A virtual port status of UP requires a service group explicitly configured on the port.
A VIP status of UP requires service groups explicitly configured on all virtual ports.
19. Confirm the script is functioning properly: In a new browser tab, open a connection to
http://100.0.0.22/
You should be automatically redirected to https://100.0.0.22/
20. Save your configuration for future use:
write mem
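The browser check in step 19 can also be scripted from the client. The following Python sketch is an added example, not part of the original lab or of ACOS: it sends one plain-HTTP request to port 80 without following redirects and verifies that the response points to https on the same host. The function names and the sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def check_redirect(status, location, host):
    """Return a list of problems with a port-80 response; an empty list means pass."""
    if status not in REDIRECT_CODES:
        return [f"status {status} is not a redirect"]
    if not location:
        return ["redirect has no Location header"]
    problems = []
    target = urlsplit(location)
    # A relative Location (empty scheme) keeps the client on plain http.
    if target.scheme != "https":
        problems.append(f"Location scheme is {target.scheme!r}, expected 'https'")
    # The redirect should stay on the virtual server, not hand the client elsewhere.
    if target.hostname != host:
        problems.append(f"Location host is {target.hostname!r}, expected {host!r}")
    return problems

def fetch_port80(host, path="/", timeout=5):
    """Send one GET over plain HTTP and return (status, Location) without following it."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

# Constructed (status, Location) pairs, not captured from a device.
SAMPLES = {
    "good": (302, "https://100.0.0.22/"),
    "still http": (302, "http://100.0.0.22/"),
    "other host": (302, "https://203.0.113.5/"),
    "relative": (301, "/"),
    "no redirect": (200, None),
}

if __name__ == "__main__":
    # Live check against the lab VIP used in this section.
    status, location = fetch_port80("100.0.0.22")
    print(check_redirect(status, location, "100.0.0.22") or "redirect OK")
```

A timeout from fetch_port80 corresponds to the behaviour in step 13, before port 80 is added to the virtual server.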