css 11503 ssl in box to box redundancy

Unanswered Question
Aug 6th, 2008
User Badges:

Hi all,

I have 2 css11503's in active/passive redundancy config. When using the commit_redundConfig command the ssl does not copy across correctly. I have cleared the standby box and started again, but with no luck. The config guides I have found offer little info on the ssl redundancy, just the normal IP redundancy, the question is should I configure the ssl config and import the certs on both boxes and then commit the redundant config when I have verified the ssl config on the standby unit? It is a live network so I don't have much opportunity to mess around,

Thanks in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
jsivulka Tue, 08/12/2008 - 14:24
User Badges:
  • Bronze, 100 points or more

Configure box-to-box redundancy when you:

•Expect the behavior of the CSSs to be active/standby (only the master CSS processes flows). Can configure a dedicated Fast Ethernet (FE) link between the CSSs for the VRRP heartbeat. Do not configure box-to-box redundancy when you:

•Expect the behavior of the CSSs to be active-active (both CSSs processing flows). Use VIP redundancy instead.

•Cannot configure a dedicated FE link between the CSSs.

The following URLs may help you:



qubenetworks Wed, 08/13/2008 - 00:54
User Badges:

Thanks,got the boxes set up in active passive mode, in a one arm bandit type config, thats all fine, I just cant find anything anywhere that tells me if I have to set up the ssl part seperately on both boxes, coming to the conclusion I will have to do it that way but the docs aren't clear on the issue, they all seem to treat the ssl and redundancy seperately. Not top keen to mess around too much as its live at the moment, thanks


This Discussion