CSS11506 - Getting there but still a bit more help

Unanswered Question

Currently terminating SSL connection on CSS with backend webserver connected to isolated vlan off CSS module. This now seems to be working well. However my next step is I have a need to move the backend server off the CSS completely and back into our production LAN. I have been told I dont need to have my server connected to the CSS. Here is my config. Can someone have a look at it and let me know what do I need to do in order to make this move happen ?


CSS11506# sh run

!Generated on 05/12/2007 17:00:20

!Active version: sg0720003


configure



!*************************** GLOBAL ***************************

ssl associate rsakey myrsakey1 CSSrsakey1

ssl associate cert myrsacert1 CSScertfile1

ssl associate rsakey myrsakey2 CSSrsakey2

ssl associate cert myrsacert2 CSScertfile2


ip route 0.0.0.0 0.0.0.0 204.101.28.161 1


!************************* INTERFACE *************************

interface 5/13

description "Client Side"

bridge vlan 10


interface 5/15

bridge vlan 20

description "Server side"


!************************** CIRCUIT **************************

circuit VLAN10


ip address 204.x.x.163 255.255.255.224


circuit VLAN20


ip address 10.10.10.1 255.255.255.0


!*********************** SSL PROXY LIST ***********************

ssl-proxy-list sslfrinew

ssl-server 97

ssl-server 97 vip address 204.101.28.166

ssl-server 97 cipher rsa-with-des-cbc-sha 10.10.10.10 80

ssl-server 97 cipher rsa-with-3des-ede-cbc-sha 10.10.10.10 80

ssl-server 97 cipher rsa-with-rc4-128-sha 10.10.10.10 80

ssl-server 97 cipher rsa-with-rc4-128-md5 10.10.10.10 80

ssl-server 97 rsacert myrsacert1

ssl-server 97 rsakey myrsakey1

ssl-server 97 urlrewrite 24 http://www.test.com

active



!************************** SERVICE **************************

service SSLFRIDAY

type ssl-accel

keepalive type none

slot 6

add ssl-proxy-list sslfrinew

active


service http_backend

ip address 10.10.10.10

port 80

protocol tcp

active


!*************************** OWNER ***************************


owner Dave


content SSLFriday

vip address 204.101.28.166

application ssl

add service SSLFRIDAY

protocol tcp

port 443

active


content decrypt_www

vip address 10.10.10.5

add service http_backend

port 80

protocol tcp

active


CSS11506#


Thanks again


Dave

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion