Keepalives from CSS to SSLM(cat6500 blade)

Unanswered Question
Jun 13th, 2007

I'm moving from SCA2's to SSLM's(cat6500 Blade), We are using the config below and it works fine but I require to do keepalives to each of the ssl-proxy services.

I've tried to config it the way it was done on the SCA config by using the same IP but changing the ports for each services but SSL-M didn't like this.

Any suggestions ?

content test

protocol tcp

port 443

redundant-index 3

vip address xx.xx.56.156

balance srcip

add service PRTSSL001-UKGR

add service PRTSSL002-UKGR

active

service PRTSSL001-UKGR

redundant-index 103

ip address 172.16.18.71

type transparent-cache

active

ssl-proxy service test

virtual ipaddr xx.xx.58.156 protocol tcp port 443 secondary

virtual policy ssl prtpolicy

server ipaddr 172.16.18.68 protocol tcp port 8050

certificate rsa general-purpose trustpoint yyyyyyyyyyyyy

no nat server

trusted-ca PRT-CA

authenticate verify all

inservice

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
brispin Wed, 06/20/2007 - 10:57

You can use SSL probes on the CSM by use of the TCL script. It is not a true SSL probe, but it will send a SSL client hello and expect a SSL server hello. Example config probe sslProbe script #script SSL_PROBE [0]

Actions

This Discussion