SCA design question - PIX and SCA with dual logical SSL server.

cjrchoi11
Level 1

I have an SCA design question. Please correct or verify my solution.

1. connectivity.

<Client with port 443>--<ISP>--<PIX>--<SCA>--<SERVER(two IP on single NIC and each IP associates to WEB server) with port 81>

* client will access WEB server with x.x.1.100 or x.x.1.101

2. physical IP address

- PIX outside=x.x.1.1

- PIX inside=x.y.1.1

- SCA device=x.y.1.2

- SERVER NIC1=x.y.1.10

- SERVER NIC2=x.y.1.11

3. PIX NAT

- static#1=x.x.1.100 map to x.y.1.10

- static#2=x.x.1.101 map to x.y.1.11

4. SCA configuration.

!
mode one-port
no mode one-port
!
ip address x.y.1.2 netmask 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 x.y.1.1
!
ssl
  server SERVER1
    ip address x.y.1.10
    localport 443
    remoteport 81
  server SERVER2
    ip address x.y.1.11
    localport 443
    remoteport 81
...

Thanks,

Accepted Solutions

Gilles Dufour
Cisco Employee

At first glance I would say this is OK.

Make sure you are in 'no mode one-port'.

Also, you will have to install keys and certificates.

Regards,

Gilles.
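
A lint pass for the design discussed in this thread, as an added example that is not part of the original posts or any Cisco tooling: it parses the SCA configuration text as posted and cross-checks it against the PIX statics and the 'no mode one-port' advice. The function names, the embedded sample data, and the assumption that the last mode statement in the file is the one in effect are hypothetical.

```python
import re

# Constructed inputs: the statics and SCA config from the thread (x.x / x.y are its own placeholders).
NAT_STATICS = {"x.x.1.100": "x.y.1.10", "x.x.1.101": "x.y.1.11"}
SCA_CONFIG = """\
mode one-port
no mode one-port
ip address x.y.1.2 netmask 255.255.255.0
ip route 0.0.0.0 0.0.0.0 x.y.1.1
ssl
  server SERVER1
    ip address x.y.1.10
    localport 443
    remoteport 81
  server SERVER2
    ip address x.y.1.11
    localport 443
    remoteport 81
"""
KEY = re.compile(r"(ip address|localport|remoteport) (\S+)")

def parse_sca(text):
    """Return (True if the final mode statement is 'no mode one-port', {server: settings})."""
    no_one_port, servers, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("mode one-port", "no mode one-port"):
            no_one_port = line.startswith("no ")  # assumption: last statement wins
        elif m := re.fullmatch(r"server (\S+)", line):
            current = servers.setdefault(m.group(1), {})
        elif current is not None and (m := KEY.fullmatch(line)):
            current[m.group(1)] = m.group(2)  # only settings inside a server block
    return no_one_port, servers

def check_design(nat, text, client_port="443", backend_port="81"):
    """List mismatches between the PIX statics and the SCA server blocks."""
    no_one_port, servers = parse_sca(text)
    problems = []
    if not no_one_port:
        problems.append("device is not left in 'no mode one-port'")
    by_ip = {s.get("ip address"): (name, s) for name, s in servers.items()}
    for public, inside in nat.items():
        if inside not in by_ip:
            problems.append(f"{public} -> {inside}: no SCA server block for this address")
            continue
        name, s = by_ip[inside]
        for key, want in (("localport", client_port), ("remoteport", backend_port)):
            if s.get(key) != want:
                problems.append(f"{name}: {key} {s.get(key)} != {want}")
    return problems
```

An empty list from `check_design(NAT_STATICS, SCA_CONFIG)` means every translated address has a matching server block on the expected ports; it says nothing about whether keys and certificates are installed.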


2 Replies

Not applicable

The document http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/scacfggd/ has a link to a page which describes how to use the configuration manager command line interface to configure the Secure Content Accelerator. Several configuration examples are also included in this page.
