https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369210#M6322 <HTML><HEAD></HEAD><BODY><P>I have found a way roud this.</P><P>If you enable ssl-sticky under the vserver it will allow you to see the source address and the next hop(which should be the ssl module address) with the command "sh module contentSwitchingModule all sticky".</P></BODY></HTML> Tue, 11 Jan 2005 12:51:14 GMT spencedavid21 2005-01-11T12:51:14Z https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369208#M6320 <P>What CSM command can I use to find which SSL module is being used. </P><P>When diagnosing problems I would like to find out which SSL module the client is hitting.</P> Tue, 11 Jan 2005 11:07:11 GMT https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369208#M6320 spencedavid21 2005-01-11T11:07:11Z https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369209#M6321 <HTML><HEAD></HEAD><BODY><P>actually if you do not nat the destination ip address, there is currently no way to see which real/ssl module is being used.</P><P>There is a feature request open for this already.</P><P></P><P>I would suggest you to log into each ssl module and issue a 'sho ssl-proxy conn' to find out which one received the connection from your client ip address.</P><P></P><P>Regards,</P><P></P><P>Gilles.</P></BODY></HTML> Tue, 11 Jan 2005 11:27:02 GMT https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369209#M6321 Gilles Dufour 2005-01-11T11:27:02Z https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369210#M6322 <HTML><HEAD></HEAD><BODY><P>I have found a way roud this.</P><P>If you enable ssl-sticky under the vserver it will allow you to see the source address and the next hop(which should be the ssl module address) with the command "sh module contentSwitchingModule all sticky".</P></BODY></HTML> Tue, 11 Jan 2005 12:51:14 GMT https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369210#M6322 spencedavid21 2005-01-11T12:51:14Z https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369211#M6323 <HTML><HEAD></HEAD><BODY><P>We've found another way to do this. It leverages the fact that the CSM includes the IN and OUT VLAN information in the session table. So, assume you put SSL module #1 in VLAN #11, SSL module #2 in VLAN #2, SSL module #3 in VLAN 13 and SSL module #4 in VLAN 14. When you do a 'sh mod csm X conns client xx.xx.xx.xx' you get something like the following (IP addresses changed to protect the innocent):</P><P></P><P> prot vlan source destination state </P><P>----------------------------------------------------------------------</P><P>In TCP 800 11.23.235.162:40546 2.6.46.5:443 ESTAB </P><P>Out TCP 13 2.6.46.5:443 11.23.235.162:40546 ESTAB </P><P></P><P>Since you know there is only 1 SSL module in VLAN 13 (the OUT VLAN) you know exactly which SSL module the session went to. In this case, SSL Module #3.</P><P></P><P>I have also used this in places where we do firewall load balancing and don't use sticky.</P></BODY></HTML> Wed, 12 Jan 2005 12:57:30 GMT https://community.cisco.com/t5/application-networking/6500-w-csm-server-farm-with-4-ssl-modules/m-p/369211#M6323 robert.breen.hbp2 2005-01-12T12:57:30Z