Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > SSL with backend SSL on CSS 11500

Reply
Thread Tools

SSL with backend SSL on CSS 11500

 
 
Olivier PELERIN
Guest
Posts: n/a
 
      08-30-2004
Hi,

I have 2 CSS 11503 running 7.20 standard image and I would like use the
CSS for web mail access.

In Short

From vlan 5. users access a VIP 10.131.182.120 and 4 servers are
located in Vlan415. theses 4 servers are lotus notes server with SSL
task enabled and I need to build a failover access ( sorryserver).


My current main issue is the fact CSS do not terminate the SSL
handshaking. Any clue why and how should I troubleshoot?

circuit VLAN5

ip address 10.131.182.124 255.255.255.128
ip virtual-router 1 priority 150 preempt
ip redundant-interface 1 10.131.182.126
ip redundant-vip 1 10.131.182.100
ip critical-service 1 VLAN5_RTR

circuit VLAN415

ip address 10.131.182.130 255.255.255.128
ip virtual-router 2 priority 150 preempt
ip redundant-interface 2 10.131.182.129
ip critical-service 2 VLAN5_RTR

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list Webmail-test
ssl-server 1
ssl-server 1 rsakey test-ssl
ssl-server 1 rsacert test-ssl
ssl-server 1 vip address 10.131.182.120
backend-server 10
backend-server 10 ip address 10.131.182.252
backend-server 10 server-ip 10.131.182.252
backend-server 20
backend-server 20 ip address 10.131.182.251
backend-server 20 server-ip 10.131.182.251
backend-server 30
backend-server 30 ip address 10.131.182.250
backend-server 30 server-ip 10.131.182.250
backend-server 40
backend-server 40 ip address 10.131.182.249
backend-server 40 server-ip 10.131.182.249
backend-server 10 cipher rsa-with-rc4-128-sha
backend-server 20 cipher rsa-with-rc4-128-sha
backend-server 30 cipher rsa-with-rc4-128-sha
backend-server 40 cipher rsa-with-rc4-128-sha
backend-server 10 cipher rsa-with-rc4-128-md5
backend-server 20 cipher rsa-with-rc4-128-md5
backend-server 30 cipher rsa-with-rc4-128-md5
backend-server 40 cipher rsa-with-rc4-128-md5
ssl-server 1 cipher rsa-with-rc4-128-md5 10.131.182.200 80
backend-server 10 version ssl
backend-server 20 version ssl
backend-server 30 version ssl
backend-server 40 version ssl
active

!************************** SERVICE **************************




service backend-jdebuns17
ip address 10.131.182.249
type ssl-accel-backend
add ssl-proxy-list Webmail-test
keepalive port 443
keepalive type ssl
protocol tcp
active

service backend-jdebuns18
ip address 10.131.182.250
type ssl-accel-backend
add ssl-proxy-list Webmail-test
keepalive port 443
keepalive type ssl
protocol tcp
active

service backend-jdebuns19
ip address 10.131.182.251
type ssl-accel-backend
add ssl-proxy-list Webmail-test
keepalive port 443
keepalive type ssl
protocol tcp
active

service backend-jdebuns20
ip address 10.131.182.252
type ssl-accel-backend
add ssl-proxy-list Webmail-test
keepalive port 443
keepalive type ssl
protocol tcp
active

service ssl_front
slot 2
type ssl-accel
keepalive type none
add ssl-proxy-list Webmail-test
active

!*************************** OWNER ***************************


owner webmail-test

content back_maildebu19a
vip address 10.131.182.200
add service backend-jdebuns17
url "/*"
protocol tcp
port 80
active

content front
vip address 10.131.182.120
application ssl
add service ssl_front
protocol tcp
port 443
active
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sessions on CSS 11500 ringmeister84@gmail.com Cisco 4 04-01-2007 07:44 PM
Simple task works when MS SQL Server is the backend but not when MySQL is the backend. Ted ASP .Net 1 02-22-2007 08:33 PM
CSS 11500 session log esposito.francesco@gmail.com Cisco 3 08-28-2006 08:56 AM
CSS 11500, SSL Module, and Client Authentication patrick.greene@gmail.com Cisco 0 03-21-2005 09:12 PM
Cisco 11500 CSS http keepalive check for web content? RT Cisco 0 11-23-2004 11:38 PM



Advertisments