Config Info - CSS Newbie

Answered Question
Jan 31st, 2007

I can't figure out why this isn't working...it is basic config, and I am eventually trying to to back-end SSL termination. Need basic connectivity first though. If anyone can assist that would be great.

thanks in advance!

CSS11501# term len 0

CSS11501# sh run

!Generated on 01/15/2007 20:38:54

!Active version: sg0810106

configure

!*************************** GLOBAL ***************************

!************************* INTERFACE *************************

interface e1

phy 100Mbits-FD

description "SCTREC02"

bridge vlan 55

interface e2

phy 100Mbits-FD

description "SCTREC02-9/11"

bridge vlan 255

!************************** CIRCUIT **************************

circuit VLAN55

ip address 161.19.55.5 255.255.255.192

ip virtual-router 55

ip virtual-router 150 priority 105 preempt

ip redundant-interface 55 161.19.55.4

ip redundant-vip 150 161.19.55.8

circuit VLAN255

ip address 161.19.55.66 255.255.255.192

ip virtual-router 255

ip redundant-interface 255 161.19.55.65

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list SSL-PROXY

ssl-server 1

ssl-server 1 vip address 161.19.55.8

ssl-server 1 cipher rsa-with-rc4-128-md5 161.19.55.8 443

ssl-server 1 unclean-shutdown

ssl-server 1 ssl-queue-delay 0

backend-server 20

backend-server 20 ip address 161.19.55.75

backend-server 20 port 443

backend-server 20 cipher rsa-with-rc4-128-md5

backend-server 10

backend-server 10 ip address 161.19.55.74

backend-server 10 port 443

backend-server 10 cipher rsa-with-rc4-128-md5

!************************** SERVICE **************************

service sctam103:1-1

ip address 161.19.55.74

protocol tcp

port 443

keepalive type tcp

keepalive tcp-close fin

keepalive port 443

active

service sctam104:1-1

ip address 161.19.55.75

protocol tcp

port 443

keepalive type tcp

keepalive tcp-close fin

keepalive port 443

active

!*************************** OWNER ***************************

owner AMLDAP

content services-sys:ssl

vip address 161.19.55.8

protocol tcp

port 443

add service sctam103:1-1

add service sctam104:1-1

active

CSS11501#

I have this problem too.
0 votes
Correct Answer by rob.kennedy about 9 years 7 months ago

try setup a group -

group

add destination service sctam103:1-1

add destination service sctam104:1-1

vip address 161.19.55.8

active

I had to add this in the first time I used the CSS models as the return HTTP traffic was coming back with the real server IP rather than the VIP IP. You should run an ethereal trace to see what responses you are getting.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
rob.kennedy Mon, 02/05/2007 - 09:02

try setup a group -

group

add destination service sctam103:1-1

add destination service sctam104:1-1

vip address 161.19.55.8

active

I had to add this in the first time I used the CSS models as the return HTTP traffic was coming back with the real server IP rather than the VIP IP. You should run an ethereal trace to see what responses you are getting.

Actions

This Discussion