CSS 11503 and SSL configuration
07-07-2009 04:44 AM
Please could someone guide me in the correct direction. I have a CSS 11503 that I am using in a test environment and I want to be able to terminate SSL to the device and then balance unencrypted to back end web servers. When I bought this I read the brief on the CSS 11503 http://www.cisco.com/en/US/customer/prod/collateral/contnetw/ps5719/ps792/product_data_sheet0900aecd800f851e.html This says that SSL termination is possible and does not state anything about needing an SSL module. Please could you advise if this is correct?
I am able to set up the CSS to the point where I try to activate the SSL service and keep getting a BAD IP ADDRESS when I type the active command.
This is my config so if someone could guide me it would be great.
CSS11503(config)# service ssl_im1
CSS11503(config-service[ssl_im1])# active
%% Bad IP Address
CSS11503# show startup-config
!Generated on 07/07/2009 12:28:32
!Active version: sg0810106
configure
!*************************** GLOBAL ***************************
ssl associate rsakey imrsakey imrsakey
ip route 0.0.0.0 0.0.0.0 192.168.33.1 1
!************************* INTERFACE *************************
interface 2/6
bridge vlan 35
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.33.2 255.255.255.0
circuit VLAN35
ip address 192.168.35.1 255.255.255.0
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl_proxy1
ssl-server 10
ssl-server 10 rsacert imcert
ssl-server 10 rsakey imrsakey
ssl-server 10 vip address 192.168.33.11
ssl-server 10 cipher rsa-export-with-rc4-40-md5 192.168.35.11 80
active
!************************** SERVICE **************************
service EUHS1WEB20
keepalive type http
port 80
protocol tcp
ip address 192.168.35.20
active
service ssl_im1
keepalive type none
add ssl-proxy-list ssl_proxy1
!*************************** OWNER ***************************
owner im.com
content http-rule
protocol tcp
port 80
add service EUHS1WEB20
vip address 192.168.35.11
content ssl-rule
protocol tcp
port 443
add service ssl_im1
vip address 192.168.33.11
CSS11503#
Thank you in advance
07-07-2009 04:56 AM
You need an ssl module to do ssl encryption/decryption.
G.
07-07-2009 05:09 AM
I thought as much. Love the way Cisco gives you information, as per the document I attached, saying SSL termination is possible, then no indication or caveat that an SSL module is needed.
