Need to configure multiple secure servers on Cisco SCA

jrieger
Level 1

I have a Cisco SCA SSL appliance in front of a Foundry Server Iron used as a load balancer for 2 websites. One website is SSL enabled using the SCA appliance as it forwards the requests to a VIP on the Foundry. I want to offload SSL traffic for the second website as well using the SCA. I am unsure about how I can accomplish this. Here is the current SCA config:

sca1> en
Password:
sca1# sh run
#
# Cisco SCA Device Configuration File
#
# Written: Tue Jul 27 14:54:14 2004 DST
# Inxcfg: version 4.1 build 200212021616
# Device Type: CSS-SCA
# Device Id: S/N 11a328
# Device OS: MaxOS version 4.1.0 build 200212021616 by reading
### Mode ###
mode one-port
### Interfaces ###
interface network
duplex full
speed 100
end
interface server
auto
end
### Device ###
ip address 192.168.100.100 netmask 255.255.255.0
hostname sca1
timezone "CST6DST"
### Password ###
password idle-timeout 15
### SNTP ###
sntp interval 86400
### Static Routes ###
ip route 0.0.0.0 0.0.0.0 192.168.100.1 metric 1
### RIP ###
no rip
### DNS ###
no ip name-server
no ip domain-name
### Telnet ###
telnet enable
### Web Management ###
web-mgmt port 80
web-mgmt enable
### SNMP Subsystem ###
no snmp
### SSL Subsystem ###
server services create
ip address 192.168.100.120
localport 443
remoteport 81
key secure_pk
cert ws_secure
certgroup chain Intermediate_CA
secpolicy default
sslv2 enable
sslv3 enable
tlsv1 enable
session-cache size 20480
session-cache timeout 300
session-cache enable
no transparent
no clientauth enable
clientauth verifydepth 1
clientauth error cert-other-error fail
clientauth error cert-not-provided fail
clientauth error cert-has-expired fail
clientauth error cert-not-yet-valid fail
clientauth error cert-has-invalid-ca fail
clientauth error cert-has-signature-failure fail
clientauth error cert-revoked fail
sharedcipher error failhtml
ephemeral error failhtml
certgroup clientauth defaultCA
no httpheader client-cert
no httpheader server-cert
no httpheader session
no httpheader pre-filter
httpheader prefix "SSL"
ephrsa
keepalive frequency 5
keepalive maxfailure 3
no keepalive enable
end
end

Many thanks,

Jason


d.parks
Level 1

Hello Jason,

The trick to running more than one site through a single SCA is to use a unique TCP port for each site, since you can't use more than one IP address on the SCA. In my case, I front end the SCAs (I have a pair) with the load balancer, and remap the 443 traffic to 444, 445, etc. to accommodate multiple web sites.
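
One way to check the rule from the reply above (one listening port per site) against a saved running-config, as an added example that is not part of the original thread: it parses `server NAME create` blocks in the syntax shown in the question, reports blocks that share a `localport`, and also reports blocks with `sslv2 enable`, since SSLv2 is a broken protocol. The second block (`site2`, its address and its ports) is constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syntax shown in the question. "site2", its
# address and its remoteport are hypothetical; it wrongly reuses localport 443.
SAMPLE = """\
server services create
ip address 192.168.100.120
localport 443
remoteport 81
sslv2 enable
end
server site2 create
ip address 192.168.100.121
localport 443
remoteport 82
tlsv1 enable
end
"""

def parse_servers(text):
    """Map each 'server NAME create' block to its {directive: value} pairs."""
    servers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"server (\S+) create$", line)
        if m:
            current = servers.setdefault(m.group(1), {})
        elif line == "end":
            current = None
        elif current is not None and line and not line.startswith("#"):
            # The last word is the value, everything before it is the directive.
            key, _, value = line.rpartition(" ")
            current[key] = value
    return servers

def audit(text):
    """Report blocks that share a localport, and blocks with SSLv2 switched on."""
    findings, by_port = [], defaultdict(list)
    for name, cfg in parse_servers(text).items():
        by_port[cfg.get("localport", "unset")].append(name)
        if cfg.get("sslv2") == "enable":  # only an explicit enable is flagged
            findings.append(f"{name}: sslv2 enabled")
    for port, names in sorted(by_port.items()):
        if len(names) > 1:
            findings.append(f"localport {port} shared by {', '.join(names)}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Moving the second block to `localport 444`, with the load balancer remapping that site's 443 traffic as the reply describes, clears the shared-port finding.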