Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
426
Views
0
Helpful
4
Replies

SSL feature on CSM version 4.1

rsoave
Level 1
Level 1

‎05-05-2004 12:43 PM

Hi everyone,

I have a question about a new relase available from Cisco in last days, CSM version 4.1

1) In a first document there was a information, that said the following:

Backend encryption Supports network-based Secure Socket Layer(SSL) acceleration. This feature is supported in Cicso IOS Release 12.2(17b)SXA for Supervisor Engine 720 and Cisco IOS Release

12.2(17d)SXB for Supervisor Engine 2.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/relnotes/78_16474.htm

But, in new documentation, the information is the following:

Back-end Secure Sockets Layer (SSL) solution—Together with the SSL module for the Cisco Catalyst 6500 Series switches and Cisco 7600 series routers, the CSM provides a complete solution for intelligent load balancing and end-to-end encryption. Because the CSM and SSL modules are housed in the same chassis, this solution provides the capability to make an intelligent load-balancing decision up to Layer 7 and to ensure that the request continues on to the back-end real server encrypted.

http://www.cisco.com/warp/public/cc/pd/ifaa/svaa/iasvaa/prodlit/2438_pp.htm

This mean, in a first instance, only upgrade from software were necessary, to make the SSL encryption on CSM available, but now, Cisco tell that the version 4.1 from CSM with SSL, works in the same chassis and need a "Hardware" SSL module.

What I should to do? I will have to tell to my customer that now he needs a new Module, that shoul be very expensive, or only software installed we can make the SSL function works fine??

My customer have a Catalyst 6509 with 2 Supervisor Engine 2 and he has memory enough to software upgrade.

Any Help is welcome.

Thanks in advance

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-06-2004 04:15 AM

you need specific hardware to make SSL.

If it was to be done in software it would be too slow [I'm sure your customer does not want that].

So you need a new hardware for SSL encryption.

It can be a separate SSL module or the new CSM with integrated SSL hardware [not sure if this one is out yet].

Gilles.

0 Helpful

rsoave
Level 1
Level 1
In response to Gilles Dufour

‎05-06-2004 05:44 AM

Ok Gilles, I've understood that we can use only the software to configure SSL terminations. Am I correct?

If yes, How many SSL terminations the hardware supports? How much will be the degradation of Switch?

Do you have some samples or configurations??

Thanks again.

Regards

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to rsoave

‎05-07-2004 08:12 AM

you simply can't do SSL termination on the CSM alone.

If you buy the SSL module, and need some info, check this link :

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/ssl_mod/index.htm

Gilles.

0 Helpful

rsoave
Level 1
Level 1
In response to Gilles Dufour

‎05-10-2004 10:24 AM

Thanks for your explanation Gilles.

And the links, help me a lot.

Best regards...

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card