I have a CSM with two SSL modules. My clients come in through a proxy, the traffic is sent from the CSM and balanced to the SSL modules for decryption, back to the CSM for cookie insertion for sticky to the servers. The traffic is then sent back to t...
I'm having an issue with a service on my CSM where the server log is showing "An error occurred receiving data from (10.129.53.250) over TCP/IP. This maybe due to a communications failure". That address is the CSM NAT Address. When I do a packet capt...
I'm trying to understand the best way to balance traffic to two servers when decrypting and re-encrypting with the CSM and an SSL module. I take the SSL traffic hitting the first CSM VIP and forward to the SSL module for decryption. Send the decrypte...
I am trying to configure backend encryption using the SSL module to communicate with a server using a self signed certificate. I configured Authenticate verify none. I have not copied any cert info from the server. Do I need to? The SSL module is com...
I have a simple config with a virtual server accepting all ports and pointing to a serverfarm with one server. I can ping the VIP fine and then it stops responding for no reason that I can find. I rebooted the CSMs and upgraded code from 4.2(3a) to 4...
Ok thanks. I will give this a try in our test environment and see how it goes. I agree with your opinion on the security aspect of this configuration but to be honest with you I have not gotten the best advice on the CSMs from Cisco over the years a...
The current SSL configs are as follows: SSL-1: service prod-service-cf8 virtual ipaddr 10.6.1.30 protocol tcp port 443 server ipaddr 10.6.1.32 protocol tcp port 80 certificate rsa general-purpose trustpoint prod-service-cf8-tp-11 inservice ! servic...
I had read through these and found my issue. It was the balancing between the two SSL mods that I needed to work through and then an application issue got in the way. Thanks..
Yes it was up and a debug showed an invalid cert message when the service was hit. The answer turned out to be that you still need to import the root CA from the server so that the SSL mod has something to verify the cert against. Thanks..
The servers in the farm are up. We are not using a keepalive on them. The service is working reliably and one VIP averages 1200+ connections so if there were other issues I'm pretty sure we would hear about it. Thanks...