EasyManuals Logo

Cisco 11503 - CSS Content Services Switch Configuration Guide

Cisco 11503 - CSS Content Services Switch
250 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #231 background imageLoading...
Page #231 background image
8-17
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 8 Examples of CSS SSL Configurations
content http-ssl-rule
vip address 192.28.4.4
protocol tcp
port 8080
url “/*”
add service serverDEF
add service serverJKL
advanced-balance arrowpoint-cookie
active
SSL Full Proxy Configuration One SSL Module
An SSL full proxy server is a proxy server that terminates the client’s SSL
connections and initiates the back-end connection to the HTTP server using a
different source IP address than that of the client. This configuration does not
preserve the client’s IP address for the back-end connection to the HTTP server.
This section provides an example configuration for an SSL full proxy between a
client, a CSS with a single SSL module, and three HTTP servers (ServerABC,
ServerDEF, and ServerGHI). A Layer 5 sticky content rule is used in the
configuration. For the CSS to implement a full proxy configuration with an SSL
module, the configuration includes a source group that is used to isolate the SSL
module traffic and to NAT its source address.
Figure 8-6 illustrates this full proxy configuration.
For purposes of illustration, the configuration example in Figure 8-6 shows the
VIP address for the SSL content rule (ssl-rule) to be the same as the VIP address
for the HTTP content rule (http-rule). These two VIP addresses do not have to be
identical. Depending on the method that you choose to allow access to secure
content on your HTTP servers, you may require specification of a different VIP
address for the clear-text content rule to place it in nonroutable address space.
In this example, instead of specifying a VIP address of 192.168.5.5 for the
http-rule content rule, you could specify a VIP address of 10.1.1.5. The clear-text
http-rule will be unreachable from the Internet, which can offer you more
flexibility and granularity while allowing the CSS to be seamlessly integrated for
secure transactions.

Table of Contents

Other manuals for Cisco 11503 - CSS Content Services Switch

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 11503 - CSS Content Services Switch and is the answer not in the manual?

Cisco 11503 - CSS Content Services Switch Specifications

General IconGeneral
BrandCisco
Model11503 - CSS Content Services Switch
CategorySwitch
LanguageEnglish

Related product manuals