Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1507
Views
0
Helpful
1
Replies

CSS with single SSL module.. balance option needed?

scottmcgillivray
Level 1
Level 1

‎02-27-2011 07:38 AM

Hi all,

Quick question. If you have a CSS 11503 with one SSL offload module installed.. is there any point in using the "application ssl" and "advanced-balance ssl" options in the content rule? I can't find any info that tells me for sure but I'm guessing that these options can be used to balance between multiple ssl modules and provide stickiness to the modules etc.. but doesn't have any effect on the traffic distribution and stickiness to the backend server services?

For example if I have a L5 content rule like the one below and only one SSL module, should i remove the "application ssl" and "advanced-balance ssl" options and just use the port 80 content rule which the ssl proxy lists offloads traffic too and apply the "advanced-balance sticky-srcip-dstport" and "balance leastconn" there ?

  content DEVCOM_TCP443_L5
    vip address x.x.x.x
    application ssl
    advanced-balance ssl
    protocol tcp
    port 443
    url "//dev.subdomain.domain.com/*"
    add service ssl_module1
    active

I have read various forum postings and i read the CSS SSL config guide but the examples all seem to differ in their implementation.

Many thanks

Scott

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎02-28-2011 08:05 AM

You're correct.

There is no need to specify the application type as ssl and the advanced-balance method when using a single ssl module.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card