05-24-2007 03:39 PM
Hi, im having issues with configuring a CSM-S. Our standard config with a content switch module and ssl module is to have the SSL proxy vlan on a differing layer-3 subnet, and the CSM bridging between the client & server vlan for non SSL loadbalacing. As I say this works fine with seperate modules
We have just deployed a CSM-S ( embedded ssl daughter card) We set up the same configs, but this doesnt seem to work. If you look at the arp cache on the CSM-S module, you see that SSL Proxy vlan is not in correct VLAN,it hence no communication flow between the CSM and the SSL daughter card.
can anyone help ?
05-25-2007 09:40 AM
Hi Nick
We use CSM-S modules in our data centres and we do exactly the same as you are trying ie.
we route to the SSL daughtercard and bridge to load-balanced servers.
Could you post your config and the version numbers of the CSM-S modules.
Jon
06-18-2007 12:19 AM
hi Jon ,
i have the same issue. i have pasted my config below..pls validate.
HTTP traffic for 10.6.100.232 on port 80 for server Only
HTTPS traffic for 10.6.100.232 on port 443 for server Only
*****MSFC config *****
!
Vlan 801
description CSM-S_ADMIN_VLAN
ip address 10.6.78.2 255.255.255.240
standby 1 priority 100 preempt
standby 1 ip 10.6.78.1
!
!
Vlan 32
description SSL Offload TRAFFIC_VLAN
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
CSM-S service module configuration
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Current configuration : 866 bytes
module ContentSwitchingModule 5
ft group 250 vlan 996
priority 20
heartbeat-time 5
failover 4
preempt
!
vlan 10 client
ip address 10.6.100.3 255.255.255.0
!
vlan 800 server
ip address 10.6.100.3 255.255.255.0
!
vlan 801 server
description CSM-S_ADMIN_VLAN
ip address 10.6.78.5 255.255.255.240
!
vlan 32 server
description SSL_Offload TRAFFIC_VLAN
ip address 10.6.32.5 255.255.255.128
alias 10.6.32.1 255.255.255.128
!
serverfarm NEW_y
nat server
no nat client
failaction reassign
real 10.6.100.233 80
inservice
real 10.6.100.234 80
inservice
!
vserver NEW_y
virtual 10.6.100.235 tcp www
serverfarm NEW_y
replicate csrp connection
persistent rebalance
inservice
!
serverfarm WEBSSL
nat server
no nat client
real 10.6.32.7 local
inservice
!
vserver VSSL
virtual 10.6.100.232 tcp https
serverfarm WEBSSL
persistent rebalance
inservice
!
end
@@@@@@@@
SSL Daughter card config
######################
ip domain name reiko.com
!
ip ssh rsa keypair-name ssh-key
!
!
ssl-proxy service sslterm
virtual ipaddr 10.6.32.7 255.255.255.128 protocol tcp port 443 secondary
server ipaddr 10.6.100.232 protocol tcp port 80
certificate rsa general-purpose trustpoint cc.reiko.com
inservice
ssl-proxy vlan 801
ipaddr 10.6.78.9 255.255.255.240
gateway 10.6.78.1
admin
ssl-proxy vlan 32
ipaddr 10.6.32.3 255.255.255.128
gateway 10.6.32.1
route 10.6.100.0 gateway 10.6.100.1
its is also not accepting the route command by saying that the next-hop is not directly attached.
TiA
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: