About carlsond

carlsond · 04-07-2011

I have a CSM with two SSL modules. My clients come in through a proxy, the traffic is sent from the CSM and balanced to the SSL modules for decryption, back to the CSM for cookie insertion for sticky to the servers. The traffic is then sent back to t...

carlsond · 09-11-2009

I'm having an issue with a service on my CSM where the server log is showing "An error occurred receiving data from (10.129.53.250) over TCP/IP. This maybe due to a communications failure". That address is the CSM NAT Address. When I do a packet capt...

carlsond · 04-21-2009

I'm trying to understand the best way to balance traffic to two servers when decrypting and re-encrypting with the CSM and an SSL module. I take the SSL traffic hitting the first CSM VIP and forward to the SSL module for decryption. Send the decrypte...

carlsond · 02-19-2009

I am trying to configure backend encryption using the SSL module to communicate with a server using a self signed certificate. I configured Authenticate verify none. I have not copied any cert info from the server. Do I need to? The SSL module is com...

carlsond · 09-07-2008

I have a simple config with a virtual server accepting all ports and pointing to a serverfarm with one server. I can ping the VIP fine and then it stops responding for no reason that I can find. I rebooted the CSMs and upgraded code from 4.2(3a) to 4...

carlsond · 04-12-2011

Ok thanks. I will give this a try in our test environment and see how it goes. I agree with your opinion on the security aspect of this configuration but to be honest with you I have not gotten the best advice on the CSM's from Cisco over the years a...

carlsond · 04-12-2011

The current SSL configs are as follows:SSL-1:service prod-service-cf8 virtual ipaddr 10.6.1.30 protocol tcp port 443 server ipaddr 10.6.1.32 protocol tcp port 80 certificate rsa general-purpose trustpoint prod-service-cf8-tp-11 inservice ! servic...

carlsond · 06-01-2009

I had read through these and found my issue. It was the balancing between the two SSL mods that I needed to work through and then an application issue got in the way.Thanks..

carlsond · 02-25-2009

Yes it was up and a debug showed an invalid cert message when the service was hit. The answer turned out to be that you still need to import the root CA from the server so that the SSL mod has something to verify the cert against.Thanks..

carlsond · 09-08-2008

The servers in the farm are up. We are not using a keepalive on them. The service is working reliably and one VIP averages 1200+ connections so if there were other issues I'm pretty sure we would here about it.Thanks...

Member Since	‎05-13-2003 11:05 AM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	53

User Statistics

User Activity

CSM with SSL Mods - Issue With Clients not Sticking

What is TCP Splicing on a CSM Vserver

Load Balancing with a CSM & SSL Module

Backend Encryption with SSL module & Self Signed Cert

CSM VIP stops responding to pings

Re: CSM with SSL Mods - Issue With Clients not Sticking

Re: CSM with SSL Mods - Issue With Clients not Sticking

Re: Load Balancing with a CSM & SSL Module

Re: Backend Encryption with SSL module & Self Signed Cert

Re: CSM VIP stops responding to pings