
CSS11506 - Getting there but still a bit more help

dclee
Level 1

Currently terminating SSL connections on the CSS with the backend web server connected to an isolated VLAN off the CSS module. This now seems to be working well. However, my next step is that I need to move the backend server off the CSS completely and back into our production LAN. I have been told I don't need to have my server connected to the CSS. Here is my config. Can someone have a look at it and let me know what I need to do in order to make this move happen?

CSS11506# sh run
!Generated on 05/12/2007 17:00:20
!Active version: sg0720003

configure

!*************************** GLOBAL ***************************
  ssl associate rsakey myrsakey1 CSSrsakey1
  ssl associate cert myrsacert1 CSScertfile1
  ssl associate rsakey myrsakey2 CSSrsakey2
  ssl associate cert myrsacert2 CSScertfile2

  ip route 0.0.0.0 0.0.0.0 204.101.28.161 1

!************************* INTERFACE *************************
interface 5/13
  description "Client Side"
  bridge vlan 10

interface 5/15
  bridge vlan 20
  description "Server side"

!************************** CIRCUIT **************************
circuit VLAN10
  ip address 204.x.x.163 255.255.255.224

circuit VLAN20
  ip address 10.10.10.1 255.255.255.0

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list sslfrinew
  ssl-server 97
  ssl-server 97 vip address 204.101.28.166
  ssl-server 97 cipher rsa-with-des-cbc-sha 10.10.10.10 80
  ssl-server 97 cipher rsa-with-3des-ede-cbc-sha 10.10.10.10 80
  ssl-server 97 cipher rsa-with-rc4-128-sha 10.10.10.10 80
  ssl-server 97 cipher rsa-with-rc4-128-md5 10.10.10.10 80
  ssl-server 97 rsacert myrsacert1
  ssl-server 97 rsakey myrsakey1
  ssl-server 97 urlrewrite 24 http://www.test.com
  active

!************************** SERVICE **************************
service SSLFRIDAY
  type ssl-accel
  keepalive type none
  slot 6
  add ssl-proxy-list sslfrinew
  active

service http_backend
  ip address 10.10.10.10
  port 80
  protocol tcp
  active

!*************************** OWNER ***************************
owner Dave
  content SSLFriday
    vip address 204.101.28.166
    application ssl
    add service SSLFRIDAY
    protocol tcp
    port 443
    active

  content decrypt_www
    vip address 10.10.10.5
    add service http_backend
    port 80
    protocol tcp
    active

CSS11506#

Thanks again

Dave


gmarogi
Level 5

Key and certificate generation may be necessary in instances when you do not have pre-existing keys or certificates for the CSS. Refer to this URL:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v6.10/configuration/advanced/guide/SSL
