CSS 11503 and SSL configuration

yulunga
Level 1

Please could someone guide me in the correct direction. I have a CSS 11503 that I am using in a test environment and I want to be able to terminate SSL to the device and then balance unencrypted to back-end web servers. When I bought this I read the brief on the CSS 11503: http://www.cisco.com/en/US/customer/prod/collateral/contnetw/ps5719/ps792/product_data_sheet0900aecd800f851e.html. This says that SSL termination is possible and does not state anything about needing an SSL module. Please could you advise if this is correct?

I am able to set up the CSS to the point where I try to activate the SSL service and keep getting a BAD IP ADDRESS when I type the active command.

This is my config so if someone could guide me it would be great.

CSS11503(config)# service ssl_im1
CSS11503(config-service[ssl_im1])# active
%% Bad IP Address

CSS11503# show startup-config
!Generated on 07/07/2009 12:28:32
!Active version: sg0810106

configure

!*************************** GLOBAL ***************************
  ssl associate rsakey imrsakey imrsakey

  ip route 0.0.0.0 0.0.0.0 192.168.33.1 1

!************************* INTERFACE *************************
interface 2/6
  bridge vlan 35

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 192.168.33.2 255.255.255.0

circuit VLAN35
  ip address 192.168.35.1 255.255.255.0

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl_proxy1
  ssl-server 10
  ssl-server 10 rsacert imcert
  ssl-server 10 rsakey imrsakey
  ssl-server 10 vip address 192.168.33.11
  ssl-server 10 cipher rsa-export-with-rc4-40-md5 192.168.35.11 80
  active

!************************** SERVICE **************************
service EUHS1WEB20
  keepalive type http
  port 80
  protocol tcp
  ip address 192.168.35.20
  active

service ssl_im1
  keepalive type none
  add ssl-proxy-list ssl_proxy1

!*************************** OWNER ***************************
owner im.com

  content http-rule
    protocol tcp
    port 80
    add service EUHS1WEB20
    vip address 192.168.35.11

  content ssl-rule
    protocol tcp
    port 443
    add service ssl_im1
    vip address 192.168.33.11

CSS11503#

Thank you in advance

2 Replies

Gilles Dufour
Cisco Employee

You need an SSL module to do SSL encryption/decryption.

G.

I thought as much. Love the way Cisco gives you information, as per the document I attached saying SSL termination is possible, then no indication or caveat that an SSL module is needed.
