css 11503 ssl in box to box redundancy

Unanswered Question
Aug 6th, 2008

Hi all,

I have 2 css11503's in active/passive redundancy config. When using the commit_redundConfig command the ssl does not copy across correctly. I have cleared the standby box and started again, but with no luck. The config guides I have found offer little info on the ssl redundancy, just the normal IP redundancy, the question is should I configure the ssl config and import the certs on both boxes and then commit the redundant config when I have verified the ssl config on the standby unit? It is a live network so I don't have much opportunity to mess around,

Thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
jsivulka Tue, 08/12/2008 - 14:24

Configure box-to-box redundancy when you:

•Expect the behavior of the CSSs to be active/standby (only the master CSS processes flows). Can configure a dedicated Fast Ethernet (FE) link between the CSSs for the VRRP heartbeat. Do not configure box-to-box redundancy when you:

•Expect the behavior of the CSSs to be active-active (both CSSs processing flows). Use VIP redundancy instead.

•Cannot configure a dedicated FE link between the CSSs.

The following URLs may help you:

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a0080228179.shtml

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/redundancy/guide/ASR.html#wp1061278

qubenetworks Wed, 08/13/2008 - 00:54

Thanks,got the boxes set up in active passive mode, in a one arm bandit type config, thats all fine, I just cant find anything anywhere that tells me if I have to set up the ssl part seperately on both boxes, coming to the conclusion I will have to do it that way but the docs aren't clear on the issue, they all seem to treat the ssl and redundancy seperately. Not top keen to mess around too much as its live at the moment, thanks

Actions

This Discussion