SSL Reverse proxy

9tpanaitescu · ‎10-06-2008

Does Cisco have an appliance to act like a SSL reverse proxy ? We have a web application that we need to secure via SSL and we are exploring the posssibility of using SSL appliances instead of using SSL directly on the web server

ovt · ‎10-06-2008

Any router or an ASA firewall can be used as an SSL proxy with their WebVPN capability. Or take a look at 6500 ACe module, but this is expensive.

9tpanaitescu · ‎10-07-2008

Hi, thanks for your reply. Can you please point me to some documentation on how to do this etc. ?

Thanks,

mhellman · ‎10-07-2008

You probably want to use a real reverse proxy/load balancer. Take a look at the CSS.

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/overview.html#wp999771

9tpanaitescu · ‎10-07-2008

Hi. Thanks for your reply. Aren't the CSS 11500 series on the end-of-life list ? AFAIK they are EOL since 2006 ? Any equivalent Cisco products out there ?

Thanks,

T

mhellman · ‎10-07-2008

No. You're probably thinking of this.

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps792/prod_end-of-life_notice0900aecd804882de.htmletin0900aecd803f859f.html

9tpanaitescu · ‎10-07-2008

That's correct, that was the page I was looking at. I think the CSS SSL 11501 switch wwould do it. Any other considerations/docs/etc. that I should look at ?

Thanks,

T

mhellman · ‎10-07-2008

I honestly don't know a ton about them, a different group configures them where I work. I do know a bit about proxies in general and I'm pretty sure they'll do what you're talking about (SSL termination is what it's typically called).

Have a look at the data center-->application networking forum. There's plenty of help to be had there should you need it.