CSS11506 - Getting there but still a bit more help

Unanswered Question

Currently terminating SSL connection on CSS with backend webserver connected to isolated vlan off CSS module. This now seems to be working well. However my next step is I have a need to move the backend server off the CSS completely and back into our production LAN. I have been told I dont need to have my server connected to the CSS. Here is my config. Can someone have a look at it and let me know what do I need to do in order to make this move happen ?

CSS11506# sh run

!Generated on 05/12/2007 17:00:20

!Active version: sg0720003


!*************************** GLOBAL ***************************

ssl associate rsakey myrsakey1 CSSrsakey1

ssl associate cert myrsacert1 CSScertfile1

ssl associate rsakey myrsakey2 CSSrsakey2

ssl associate cert myrsacert2 CSScertfile2

ip route 1

!************************* INTERFACE *************************

interface 5/13

description "Client Side"

bridge vlan 10

interface 5/15

bridge vlan 20

description "Server side"

!************************** CIRCUIT **************************

circuit VLAN10

ip address 204.x.x.163

circuit VLAN20

ip address

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list sslfrinew

ssl-server 97

ssl-server 97 vip address

ssl-server 97 cipher rsa-with-des-cbc-sha 80

ssl-server 97 cipher rsa-with-3des-ede-cbc-sha 80

ssl-server 97 cipher rsa-with-rc4-128-sha 80

ssl-server 97 cipher rsa-with-rc4-128-md5 80

ssl-server 97 rsacert myrsacert1

ssl-server 97 rsakey myrsakey1

ssl-server 97 urlrewrite 24 http://www.test.com


!************************** SERVICE **************************


type ssl-accel

keepalive type none

slot 6

add ssl-proxy-list sslfrinew


service http_backend

ip address

port 80

protocol tcp


!*************************** OWNER ***************************

owner Dave

content SSLFriday

vip address

application ssl

add service SSLFRIDAY

protocol tcp

port 443


content decrypt_www

vip address

add service http_backend

port 80

protocol tcp



Thanks again


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion