I have a Cisco SCA SSL appliance in front of a Foundry Server Iron used as a load balancer for 2 websites. One website is SSL enabled using the SCA appliance as it forwards the requests to a VIP on the Foundry. I want to offload SSL traffic for the second website as well using the SCA. I am unsure about how I can acomplish this. Here is the current SCA config:
sca1> en
Password:
sca1# sh run
#
# Cisco SCA Device Configuration File
#
# Written: Tue Jul 27 14:54:14 2004 DST
# Inxcfg: version 4.1 build 200212021616
# Device Type: CSS-SCA
# Device Id: S/N 11a328
# Device OS: MaxOS version 4.1.0 build 200212021616 by reading
### Mode ###
mode one-port
### Interfaces ###
interface network
duplex full
speed 100
end
interface server
auto
end
### Device ###
ip address 192.168.100.100 netmask 255.255.255.0
hostname sca1
timezone "CST6DST"
### Password ###
password idle-timeout 15
### SNTP ###
sntp interval 86400
### Static Routes ###
ip route 0.0.0.0 0.0.0.0 192.168.100.1 metric 1
### RIP ###
no rip
### DNS ###
no ip name-server
no ip domain-name
### Telnet ###
telnet enable
### Web Management ###
web-mgmt port 80
web-mgmt enable
### SNMP Subsystem ###
no snmp
### SSL Subsystem ###
server services create
ip address 192.168.100.120
localport 443
remoteport 81
key secure_pk
cert ws_secure
certgroup chain Intermediate_CA
secpolicy default
sslv2 enable
sslv3 enable
tlsv1 enable
session-cache size 20480
session-cache timeout 300
session-cache enable
no transparent
no clientauth enable
clientauth verifydepth 1
clientauth error cert-other-error fail
clientauth error cert-not-provided fail
clientauth error cert-has-expired fail
clientauth error cert-not-yet-valid fail
clientauth error cert-has-invalid-ca fail
clientauth error cert-has-signature-failure fail
clientauth error cert-revoked fail
sharedcipher error failhtml
ephemeral error failhtml
certgroup clientauth defaultCA
no httpheader client-cert
no httpheader server-cert
no httpheader session
no httpheader pre-filter
httpheader prefix "SSL"
ephrsa
keepalive frequency 5
keepalive maxfailure 3
no keepalive enable
end
end
Many thanks,
Jason