SSL config

Unanswered Question
Jun 18th, 2008
User Badges:

Dear Sir,

I have a pair of 11501, which load balance two SSL server behind them. The cert is stored in SSL server( & 21). The external vip is

I read the SSL Config Gide and made the below configuration. Can you check if my config below is ok?

ssl-proxy-list PIS-SSL-LIST

backend-server 1

backend-server 1 type backend-ssl

backend-server 1 ip address

backend-server 1 server-ip

backend-server 1 version ssl3

backend-server 1 session-cache 300

backend-server 1 tcp virtual ack-delay 0

backend-server 2

backend-server 2 type backend-ssl

backend-server 2 ip address

backend-server 2 server-ip

backend-server 2 version ssl3

backend-server 2 session-cache 300

backend-server 2 tcp virtual ack-delay 0



type ssl-accel-backend

ip address

add ssl-proxy-lit PIS-SSL-LIST



content PIS-SSL-VIP-1

vip adddress

port 80

advanced-balance arrowpoint-cookie

url "/*"

add service PIS-SSL-SERVICE



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Gilles Dufour Sun, 06/22/2008 - 22:17
User Badges:
  • Cisco Employee,

this is totally wrong unfortunately.

What are you trying to achieve here ?

Normally the connection between CSS and server does not need to be encrypted because they are close to each other.

You probably want to encrypt the connection from the client to the CSS since this connection goes throug the Internet.

Is this what you need ?

Here are sample configs:

backend-ssl is @

SSL Transparent Proxy Configuration - HTTP and Back-End SSL Servers

You will see that you did many mistakes, like ip addresses used in the ssl-proxy-list.



This Discussion