12-08-2010 08:14 AM
Hi,
Anyone could help me?
We have a CSS11501 NAME: "chassis ", DESCR: "Cisco 11501 Content Services Switch with Hard and AC Disk"
PID: CSS11501
I just found out that this hardware doesn't have SSL module built in.
We have two Web Server running IIS. we are going to apply SSL wildcard certification to the server for multi-domain access. I wonder if it possible to use this CSS to provide load balance to access these two server with https request? Even just access one server without load balancing? My configuration is as below:
configure
!*************************** GLOBAL ***************************
ip route 0.0.0.0 0.0.0.0 193.39.xx.xx 1
!************************* INTERFACE *************************
interface e1
bridge vlan 2
interface e5
bridge vlan 3
interface e6
bridge vlan 3
interface e7
bridge vlan 3
interface e8
bridge vlan 3
!************************** CIRCUIT **************************
circuit VLAN2
ip address 193.39.xx.xx 255.255.255.192
circuit VLAN3
ip address 192.168.10.1 255.255.255.0
!************************** SERVICE **************************
service Server1
ip address 192.168.10.3
keepalive type tcp
keepalive port 80
active
!*************************** OWNER ***************************
owner Test
content Test
vip address 193.39.xx.xx
protocol tcp
port 443
add service Server1
active
BETEGUCSS01#
Why I could access https://localhost on the webserver, but can't access VIP via the load balancer https://193.39.xx.xx ?
Any help would be very appreciated!
Solved! Go to Solution.
12-09-2010 09:07 AM
Hey Lanning,
Ok gotcha! In that case let's create a basic L4 load balancing for HTTP and HTTPS. We need to split up the services and rules as follows:
!************************** SERVICE **************************
service Server1-HTTP
ip address 192.168.10.3
port 80
keepalive type tcp
keepalive port 80
active
service Server1-HTTPS
ip address 192.168.10.3
port 443
keepalive type tcp
keepalive port 443
active
!*************************** OWNER ***************************
owner Test
content Test-HTTP
vip address 193.39.xx.xx
protocol tcp
port 80
add service Server1-HTTP
active
owner Test-HTTPS
content Test
vip address 193.39.xx.xx
protocol tcp
port 443
add service Server1-HTTPS
active
Check the service status and then send some request to the VIPs and gather the output of show summary to confirm the
request are hitting the CSS.
I have a little suspicion that you have an asymmetric routing issue going on... Is this server dual-homed?
Regards.
__ __
Pablo