Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,I have a CSM running in router mode with one client vlan, one server vlan and two server vlans for SCAs. Load Balancing is ok, connections directly to the servers and the SCAs through the CSM are ok.Connections from the server vlan directed to the...
Hello everybody,snenario:inside --- PIX 535 6.3(3)UR --- outside with ipsec tunnel endpointtraffic from inside to outside was restricted to mss=1460. After configuring the tunnel it's now mss=1380, also for traffic not going into the tunnel. The tunn...
Does anybody know how to configure certificate chains on a CSS 11501 SSL (or any CSS 11500 with integrated SSL module)? Can't find anything in the docu, seems to work only on the separate SCA.The release notes mention a bug CSCdy66844 on certificate ...
Is it possible for a CSS (11501 SSL) to detect the browser version of an incoming client to see if he is able to do 128 bit SSL or only 40 bit SSL? Is that in the HTTP header, if so, where / which string / ...?Thanks for any helpful comment,Uli
Hi,scenario with two CSS and two SCA for SSL offload from Web Servers as described in the SCA Config Guide (deployment examples one-armed (non-)transparenton proxy) on CCO.The example configs are definitly not correct - VIPs or static-route-next-hops...
Gilles,I think this could be the point! I can remember that I had this problem: Ping from client to server opens reverse direction. Can I use static ARP entries to solve this problem? Or is there a "less static" way"Many thanksUli
Thanks for your explanation.The page I was referencing is:http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_sca/sca_420/sca_ap_b.htmIt's very similar to the one you've referenced.What I mean with "not correct" is for example:The VIPs i...
