An interesting issue arose when trying to configure two L5 rules behind a SSL proxy on a Cisco CSS 11500.
When doing SSL termination on the CSS load-balancer, a ssl-proxy-list is configured to add a virtual server that ties the SSL VIP to the plain-text HTTP VIP used by the proxy.
Read up on configuring SSL termination on the CSS 11500 if you’re not familiar.
Normally, a SSL rule VIP is proxied to a single, matching plain-text HTTP VIP when you need to ensure the site is protected by SSL. This is done with two L4 rules, one matching [port] :443 and the other on :80. It’s not a requirement that the two VIPs match, but doing so will make your config easier to understand and conserve IP space. See the post on *todo* for CSS HTTP to HTTPS redirection.