05-24-2007 03:39 PM
Hi, I'm having issues with configuring a CSM-S. Our standard config with a content switch module and SSL module is to have the SSL proxy VLAN on a different layer-3 subnet, and the CSM bridging between the client & server VLAN for non-SSL load balancing. As I say, this works fine with separate modules.
We have just deployed a CSM-S (embedded SSL daughter card). We set up the same configs, but this doesn't seem to work. If you look at the ARP cache on the CSM-S module, you see that the SSL proxy VLAN is not in the correct VLAN, hence there is no communication flow between the CSM and the SSL daughter card.
Can anyone help?
05-25-2007 09:40 AM
Hi Nick
We use CSM-S modules in our data centres and we do exactly the same as you are trying, i.e. we route to the SSL daughtercard and bridge to load-balanced servers.
Could you post your config and the version numbers of the CSM-S modules?
Jon
06-18-2007 12:19 AM
Hi Jon,
I have the same issue. I have pasted my config below. Please validate.
HTTP traffic for 10.6.100.232 on port 80 for server Only
HTTPS traffic for 10.6.100.232 on port 443 for server Only
*****MSFC config *****
!
Vlan 801
description CSM-S_ADMIN_VLAN
ip address 10.6.78.2 255.255.255.240
standby 1 priority 100 preempt
standby 1 ip 10.6.78.1
!
!
Vlan 32
description SSL Offload TRAFFIC_VLAN
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
CSM-S service module configuration
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Current configuration : 866 bytes
module ContentSwitchingModule 5
ft group 250 vlan 996
priority 20
heartbeat-time 5
failover 4
preempt
!
vlan 10 client
ip address 10.6.100.3 255.255.255.0
!
vlan 800 server
ip address 10.6.100.3 255.255.255.0
!
vlan 801 server
description CSM-S_ADMIN_VLAN
ip address 10.6.78.5 255.255.255.240
!
vlan 32 server
description SSL_Offload TRAFFIC_VLAN
ip address 10.6.32.5 255.255.255.128
alias 10.6.32.1 255.255.255.128
!
serverfarm NEW_y
nat server
no nat client
failaction reassign
real 10.6.100.233 80
inservice
real 10.6.100.234 80
inservice
!
vserver NEW_y
virtual 10.6.100.235 tcp www
serverfarm NEW_y
replicate csrp connection
persistent rebalance
inservice
!
serverfarm WEBSSL
nat server
no nat client
real 10.6.32.7 local
inservice
!
vserver VSSL
virtual 10.6.100.232 tcp https
serverfarm WEBSSL
persistent rebalance
inservice
!
end
@@@@@@@@
SSL Daughter card config
######################
ip domain name reiko.com
!
ip ssh rsa keypair-name ssh-key
!
!
ssl-proxy service sslterm
virtual ipaddr 10.6.32.7 255.255.255.128 protocol tcp port 443 secondary
server ipaddr 10.6.100.232 protocol tcp port 80
certificate rsa general-purpose trustpoint cc.reiko.com
inservice
ssl-proxy vlan 801
ipaddr 10.6.78.9 255.255.255.240
gateway 10.6.78.1
admin
ssl-proxy vlan 32
ipaddr 10.6.32.3 255.255.255.128
gateway 10.6.32.1
route 10.6.100.0 gateway 10.6.100.1
It is also not accepting the route command, saying that the next-hop is not directly attached.
TiA
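Added example, not part of the original thread or any poster's code: a small Python check that parses the ssl-proxy VLAN stanzas as pasted above and flags any `gateway` or `route ... gateway` next hop that lies outside the subnet of the VLAN it is configured under. That per-VLAN subnet test is an assumption about what "directly attached" means here, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the ssl-proxy VLAN stanzas as pasted in the post above.
SSL_PROXY_CONFIG = """\
ssl-proxy vlan 801
ipaddr 10.6.78.9 255.255.255.240
gateway 10.6.78.1
admin
ssl-proxy vlan 32
ipaddr 10.6.32.3 255.255.255.128
gateway 10.6.32.1
route 10.6.100.0 gateway 10.6.100.1
"""

def parse_vlans(text):
    """Return {vlan_id: {"net": IPv4Network, "next_hops": [(kind, IPv4Address)]}}."""
    vlans, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"ssl-proxy vlan (\d+)$", line)
        if m:
            current = vlans.setdefault(int(m.group(1)), {"net": None, "next_hops": []})
            continue
        if current is None:
            continue  # ignore anything before the first ssl-proxy vlan stanza
        m = re.match(r"ipaddr (\S+) (\S+)$", line)
        if m:
            # Address plus dotted mask -> the subnet the interface is attached to.
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            continue
        m = re.match(r"(gateway|route\b.*\bgateway) (\S+)$", line)
        if m:
            kind = "route" if m.group(1).startswith("route") else "gateway"
            current["next_hops"].append((kind, ipaddress.ip_address(m.group(2))))
    return vlans

def unattached_next_hops(text):
    """List (vlan, kind, next_hop) where the next hop is outside that VLAN's subnet."""
    bad = []
    for vlan_id, v in parse_vlans(text).items():
        for kind, hop in v["next_hops"]:
            if v["net"] is None or hop not in v["net"]:
                bad.append((vlan_id, kind, str(hop)))
    return bad

if __name__ == "__main__":
    for vlan_id, kind, hop in unattached_next_hops(SSL_PROXY_CONFIG):
        print(f"vlan {vlan_id}: {kind} next hop {hop} is not on the VLAN's subnet")
```

On the pasted config this flags only the `route` line under VLAN 32: 10.6.100.1 is not inside 10.6.32.0/25, while both `gateway` addresses sit inside their own VLAN subnets.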