show run !Generated on 12/21/2006 18:47:02 !Active version: sg0810205 configure !*************************** GLOBAL *************************** no restrict web-mgmt ip redundancy snmp name "TAS-CSM1" snmp contact "Cedric Stevens" snmp location "Tasima, Waterfall Park, Midrand" app app session 192.168.1.2 logging buffer 4096 logging host 10.10.1.4 facility 7 ssl associate rsakey ENATIS CSSrsakey1 ssl associate cert dccsm-cert certnew.cer ssl associate cert ca-cert eNaTIS-CA.cer ftp-record ssl_record 10.131.153.52 tasima des-password pcgdibdg4fjcjeja ip route 0.0.0.0 0.0.0.0 10.131.153.6 1 !************************* INTERFACE ************************* interface 1/2 bridge vlan 2 !************************** CIRCUIT ************************** circuit VLAN1 description "Tasima App-Server VLAN1" redundancy ip address 10.131.153.20 255.255.255.0 circuit VLAN2 description "Failover Vlan" ip address 192.168.1.1 255.255.255.252 redundancy-protocol !*********************** SSL PROXY LIST *********************** ssl-proxy-list ssl_list2 ssl-server 21 ssl-server 21 vip address 10.131.153.253 ssl-server 21 rsacert dccsm-cert ssl-server 21 http-header client-cert ssl-server 21 authentication enable ssl-server 21 cacert ca-cert ssl-server 21 cipher rsa-export1024-with-rc4-56-sha 10.131.155.39 7777 ssl-server 21 cipher rsa-export1024-with-des-cbc-sha 10.131.155.39 7777 ssl-server 21 rsakey ENATIS ssl-server 21 http-header session active !************************** SERVICE ************************** service HTTPS add ssl-proxy-list ssl_list2 slot 3 keepalive type none type ssl-accel active service TAS-DCAPP1 ip address 10.131.155.39 active service TAS-DCAPP2 ip address 10.131.155.42 service TAS-DCAPP3 ip address 10.131.155.44 service TAS-DCAPP4 ip address 10.131.155.45 !*************************** OWNER *************************** owner Tasima email-address cedric.stevens@tasima.co.za content ENATIS advanced-balance sticky-srcip balance leastconn add service TAS-DCAPP1 add service TAS-DCAPP2 add service TAS-DCAPP3 add service TAS-DCAPP4 vip address 10.131.153.30 active content ssl-rule add service HTTPS vip address 10.131.153.253 application ssl protocol tcp port 443 active !*************************** GROUP *************************** group csm-enatis add destination service TAS-DCAPP1 vip address 10.131.153.25 active CSS11503# show service summary Service Name State Conn Weight Avg State Load Transitions HTTPS Alive 0 1 2 0 TAS-DCAPP1 Alive 0 1 2 0 TAS-DCAPP2 Suspended 0 1 255 0 TAS-DCAPP3 Suspended 0 1 255 0 TAS-DCAPP4 Suspended 0 1 255 0 CSS11503# show ssl-proxy-list ssl_list2 - Ssl-proxy-list Entries for list ssl_list2 - Number of SSL-Servers: 1 Ssl-Server 21 - Vip address: 10.131.153.253 Vip port: 443 RSA Certificate: dccsm-cert RSA Keypair: ENATIS DSA Certificate: none DSA Keypair: none DH Param: none Client Authentication: enabled Client Authentication Failure: reject Authentication Redirect URL: none CA Certificate: ca-cert Crl: none Session Cache Timeout: 300 SSL Version: SSL and TLS Re-handshake Timeout: 0 Re-handshake Data: 0 Virtual TCP Inactivity TO: 240 Server TCP Inactivity TO: 240 Virtual TCP Syn Timeout: 30 Server TCP Syn Timeout: 30 Virtual TCP Nagle Algorithm: enable Server TCP Nagle Algorithm: enable TCP Receive Buffer: 32768 TCP Transmit Buffer: 65536 SSL Shutdown Procedure: normal SSL Queueing Delay: 200 Virtual TCP Ack Delay: 200 Server TCP Ack Delay: 200 Virtual Min Retrans Timer: 500 Server Min Retrans Timer: 500 Virtual TCP Window: 12288 Server TCP Window: 12288 Cipher Suite(s) Weight Port Server --------------- ------ ---- ------ rsa-export1024-with-rc4-56-sha 1 7777 10.131.155.39 rsa-export1024-with-des-cbc-sha 1 7777 10.131.155.39 URL Rewrite Rule(s) - None HTTP Header Insert Prefix HTTP Header Insert ------------------------- ------------------ Not defined Client Cert, Session Data HTTP Header Insert Static ------------------------- Not defined HTTP Header Insert Frequency ---------------------------- Per SSL Session HTTP Client-Cert Fields: Default Field Configured Field -------------- ------------------------- HTTP Server-Cert Fields: Default Field Configured Field -------------- ------------------------- HTTP Session Fields: Default Field Configured Field -------------- ------------------------- CSS11503# show rule-summary VIP Address Port Prot Url CntRuleName OwnerName Stat Idx --------------- ----- ---- ------------------ -------------- --------- ---- --- 10.131.153.30 Any Any ENATIS Tasima Act 0 10.131.153.253 443 TCP ssl-rule Tasima Act 1 CSS11503# show rule Tasima Name: ENATIS Owner: Tasima State: Active Type: HTTP Balance: Least Connections Failover: N/A Persistence: Enabled Param-Bypass: Disabled Session Redundancy: Disabled IP Redundancy: Not Redundant L3: 10.131.153.30 L4: Any/Any Url: Redirect: "" TCP RST client if service unreachable: Disabled Rule Services & Weights: 1: TAS-DCAPP1-Alive, S-1 2: TAS-DCAPP2-Suspended, S-1 3: TAS-DCAPP3-Suspended, S-1 4: TAS-DCAPP4-Suspended, S-1 >>>>>>>> Name: ssl-rule Owner: Tasima State: Active Type: SSL Balance: Round Robin Failover: N/A Persistence: Enabled Param-Bypass: Disabled Session Redundancy: Disabled IP Redundancy: Not Redundant L3: 10.131.153.253 L4: TCP/443 Url: Redirect: "" TCP RST client if service unreachable: Disabled Rule Services & Weights: 1: HTTPS-Alive, S-1 CSS11503#