EasyManuals Logo

Cisco 11503 - CSS Content Services Switch Configuration Guide

Cisco 11503 - CSS Content Services Switch
250 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #89 background imageLoading...
Page #89 background image
4-7
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
If the VIP address has not been defined for the virtual SSL sever when you
activate the SSL proxy list (see the “Specifying the Nagle Algorithm for SSL TCP
Connections” section), the CSS logs an error message and does not activate the
SSL proxy list. When you activate a content rule with a configured SSL service,
the CSS verifies that each VIP address configured in the content rule matches at
least one VIP address configured in the SSL proxy list in each of the added
services. If a match is not found, the CSS logs an error message and does not
activate the content rule.
For example, to specify a VIP address for the virtual SSL server that corresponds
to a VIP address configured in a content rule, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 vip address
192.168.3.6
To remove a VIP address from a specific virtual SSL server, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 vip address
Specifying a Virtual Port
The SSL module uses the virtual port to know which traffic it should accept. Use
the ssl-server number port number command to specify a virtual TCP port
number for the virtual SSL server. Enter a TCP port number that corresponds with
an SSL content rule, which uses the specified TCP port number.
Specify a port number from 1 to 65535. The default port is 443. Ensure that the
specified port number matches the port configured in a content rule (see the
“Configuring a Content Rule for SSL Termination” section).
If the virtual port has not been defined for the virtual SSL server when you
activate the SSL proxy list (see the “Specifying the Nagle Algorithm for SSL TCP
Connections” section), the CSS logs an error message and does not activate the
SSL proxy list. When you activate a content rule with a configured SSL service,
the CSS verifies that each virtual port configured in the content rule matches at
least one port configured in the SSL proxy list in each of the added services. If a
match is not found, the CSS logs an error message and does not activate the
content rule.
For example, to specify a virtual port of 444, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 port 444

Table of Contents

Other manuals for Cisco 11503 - CSS Content Services Switch

Preview: Administration Guide
Administration Guide392 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 11503 - CSS Content Services Switch and is the answer not in the manual?

Cisco 11503 - CSS Content Services Switch Specifications

General IconGeneral
BrandCisco
Model11503 - CSS Content Services Switch
CategorySwitch
LanguageEnglish

Related product manuals