cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1574
Views
0
Helpful
6
Replies

can CSS11501 without ssl module load balancing https

lanningye
Level 1
Level 1

Hi,

Anyone could help me?

We have a CSS11501 NAME: "chassis   ",  DESCR: "Cisco 11501 Content Services Switch with Hard and AC Disk"
PID: CSS11501

I just found out that this hardware doesn't have SSL module built in.

We have two Web Server running IIS. we are going to apply SSL wildcard certification to the server for multi-domain access. I wonder if it possible to use this CSS to provide load balance to access these two server with https request? Even just access one server without load balancing? My configuration is as below:

configure


!*************************** GLOBAL ***************************
  ip route 0.0.0.0 0.0.0.0 193.39.xx.xx 1

!************************* INTERFACE *************************
interface e1
  bridge vlan 2
interface e5
  bridge vlan 3

interface e6
  bridge vlan 3

interface e7
  bridge vlan 3

interface e8
  bridge vlan 3

!************************** CIRCUIT **************************
circuit VLAN2

  ip address 193.39.xx.xx 255.255.255.192

circuit VLAN3

  ip address 192.168.10.1 255.255.255.0

!************************** SERVICE **************************
service Server1
  ip address 192.168.10.3
  keepalive type tcp
  keepalive port 80
  active

!*************************** OWNER ***************************
owner Test

  content Test

    vip address 193.39.xx.xx

    protocol tcp
    port 443
    add service Server1

    active

BETEGUCSS01#

Why I could access https://localhost on the webserver, but can't access VIP via the load balancer https://193.39.xx.xx ?

Any help would be very appreciated!

1 Accepted Solution

Accepted Solutions

Hey Lanning,

Ok gotcha! In that case let's create a basic L4 load balancing for HTTP and HTTPS.  We need to split up the services and rules as follows:

!************************** SERVICE **************************
service Server1-HTTP
  ip address 192.168.10.3

  port 80
  keepalive type tcp
  keepalive port 80
  active


service Server1-HTTPS
  ip address 192.168.10.3

  port 443
  keepalive type tcp
  keepalive port 443
  active


!*************************** OWNER ***************************
owner Test

  content Test-HTTP

    vip address 193.39.xx.xx

    protocol tcp
    port 80
    add service Server1-HTTP

    active


owner Test-HTTPS

  content Test

    vip address 193.39.xx.xx

    protocol tcp
    port 443
    add service Server1-HTTPS

    active

Check the service status and then send some request to the VIPs and gather the output of show summary to confirm the

request are hitting the CSS.

I have a little suspicion that you have an asymmetric routing issue going on... Is this server dual-homed?

Regards.

__ __

Pablo

View solution in original post