Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
2
Replies

CSM-S issue

nickrourke
Level 1
Level 1

‎05-24-2007 03:39 PM

Hi, im having issues with configuring a CSM-S. Our standard config with a content switch module and ssl module is to have the SSL proxy vlan on a differing layer-3 subnet, and the CSM bridging between the client & server vlan for non SSL loadbalacing. As I say this works fine with seperate modules

We have just deployed a CSM-S ( embedded ssl daughter card) We set up the same configs, but this doesnt seem to work. If you look at the arp cache on the CSM-S module, you see that SSL Proxy vlan is not in correct VLAN,it hence no communication flow between the CSM and the SSL daughter card.

can anyone help ?

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎05-25-2007 09:40 AM

Hi Nick

We use CSM-S modules in our data centres and we do exactly the same as you are trying ie.

we route to the SSL daughtercard and bridge to load-balanced servers.

Could you post your config and the version numbers of the CSM-S modules.

Jon

0 Helpful

ghias
Level 1
Level 1
In response to Jon Marshall

‎06-18-2007 12:19 AM

hi Jon ,

i have the same issue. i have pasted my config below..pls validate.

HTTP traffic for 10.6.100.232 on port 80 for server Only

HTTPS traffic for 10.6.100.232 on port 443 for server Only

*****MSFC config *****

!

Vlan 801

description CSM-S_ADMIN_VLAN

ip address 10.6.78.2 255.255.255.240

standby 1 priority 100 preempt

standby 1 ip 10.6.78.1

!

!

Vlan 32

description SSL Offload TRAFFIC_VLAN

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

CSM-S service module configuration

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Current configuration : 866 bytes

module ContentSwitchingModule 5

ft group 250 vlan 996

priority 20

heartbeat-time 5

failover 4

preempt

!

vlan 10 client

ip address 10.6.100.3 255.255.255.0

!

vlan 800 server

ip address 10.6.100.3 255.255.255.0

!

vlan 801 server

description CSM-S_ADMIN_VLAN

ip address 10.6.78.5 255.255.255.240

!

vlan 32 server

description SSL_Offload TRAFFIC_VLAN

ip address 10.6.32.5 255.255.255.128

alias 10.6.32.1 255.255.255.128

!

serverfarm NEW_y

nat server

no nat client

failaction reassign

real 10.6.100.233 80

inservice

real 10.6.100.234 80

inservice

!

vserver NEW_y

virtual 10.6.100.235 tcp www

serverfarm NEW_y

replicate csrp connection

persistent rebalance

inservice

!

serverfarm WEBSSL

nat server

no nat client

real 10.6.32.7 local

inservice

!

vserver VSSL

virtual 10.6.100.232 tcp https

serverfarm WEBSSL

persistent rebalance

inservice

!

end

@@@@@@@@

SSL Daughter card config

######################

ip domain name reiko.com

!

ip ssh rsa keypair-name ssh-key

!

!

ssl-proxy service sslterm

virtual ipaddr 10.6.32.7 255.255.255.128 protocol tcp port 443 secondary

server ipaddr 10.6.100.232 protocol tcp port 80

certificate rsa general-purpose trustpoint cc.reiko.com

inservice

ssl-proxy vlan 801

ipaddr 10.6.78.9 255.255.255.240

gateway 10.6.78.1

admin

ssl-proxy vlan 32

ipaddr 10.6.32.3 255.255.255.128

gateway 10.6.32.1

route 10.6.100.0 gateway 10.6.100.1

its is also not accepting the route command by saying that the next-hop is not directly attached.

TiA

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents