SSL with backend SSL on CSS 11500

Discussion in 'Cisco' started by Olivier PELERIN, Aug 30, 2004.

  1. Hi,

    I have 2 CSS 11503 running 7.20 standard image and I would like to use the
    CSS for web mail access.

    In short:

    From VLAN 5, users access a VIP 10.131.182.120 and 4 servers are
    located in VLAN 415. These 4 servers are Lotus Notes servers with the SSL
    task enabled and I need to build a failover access (sorryserver).

    My current main issue is the fact that the CSS does not terminate the SSL
    handshaking. Any clue why, and how should I troubleshoot?

    circuit VLAN5

    ip address 10.131.182.124 255.255.255.128
    ip virtual-router 1 priority 150 preempt
    ip redundant-interface 1 10.131.182.126
    ip redundant-vip 1 10.131.182.100
    ip critical-service 1 VLAN5_RTR

    circuit VLAN415

    ip address 10.131.182.130 255.255.255.128
    ip virtual-router 2 priority 150 preempt
    ip redundant-interface 2 10.131.182.129
    ip critical-service 2 VLAN5_RTR

    !*********************** SSL PROXY LIST ***********************
    ssl-proxy-list Webmail-test
    ssl-server 1
    ssl-server 1 rsakey test-ssl
    ssl-server 1 rsacert test-ssl
    ssl-server 1 vip address 10.131.182.120
    backend-server 10
    backend-server 10 ip address 10.131.182.252
    backend-server 10 server-ip 10.131.182.252
    backend-server 20
    backend-server 20 ip address 10.131.182.251
    backend-server 20 server-ip 10.131.182.251
    backend-server 30
    backend-server 30 ip address 10.131.182.250
    backend-server 30 server-ip 10.131.182.250
    backend-server 40
    backend-server 40 ip address 10.131.182.249
    backend-server 40 server-ip 10.131.182.249
    backend-server 10 cipher rsa-with-rc4-128-sha
    backend-server 20 cipher rsa-with-rc4-128-sha
    backend-server 30 cipher rsa-with-rc4-128-sha
    backend-server 40 cipher rsa-with-rc4-128-sha
    backend-server 10 cipher rsa-with-rc4-128-md5
    backend-server 20 cipher rsa-with-rc4-128-md5
    backend-server 30 cipher rsa-with-rc4-128-md5
    backend-server 40 cipher rsa-with-rc4-128-md5
    ssl-server 1 cipher rsa-with-rc4-128-md5 10.131.182.200 80
    backend-server 10 version ssl
    backend-server 20 version ssl
    backend-server 30 version ssl
    backend-server 40 version ssl
    active

    !************************** SERVICE **************************




    service backend-jdebuns17
    ip address 10.131.182.249
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service backend-jdebuns18
    ip address 10.131.182.250
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service backend-jdebuns19
    ip address 10.131.182.251
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service backend-jdebuns20
    ip address 10.131.182.252
    type ssl-accel-backend
    add ssl-proxy-list Webmail-test
    keepalive port 443
    keepalive type ssl
    protocol tcp
    active

    service ssl_front
    slot 2
    type ssl-accel
    keepalive type none
    add ssl-proxy-list Webmail-test
    active

    !*************************** OWNER ***************************


    owner webmail-test

    content back_maildebu19a
    vip address 10.131.182.200
    add service backend-jdebuns17
    url "/*"
    protocol tcp
    port 80
    active

    content front
    vip address 10.131.182.120
    application ssl
    add service ssl_front
    protocol tcp
    port 443
    active
     
    Olivier PELERIN, Aug 30, 2004