12-16-2008 01:36 PM
There are two vlans (vlan 151 and 443)on ssl module. One is for mangement and another one is for server. I think I need to setup "ssl-proxy module X allowed-vlan 151,443" on our core switch. I know that module is located on blade 5 on that core. But when i tried to type ssl-proxy module 5 allowed-vlan 151,443, i got the error message (Unrecognized command). Do I have to do other additional settings about that?
please advice. Thanks a lot:)
12-16-2008 05:21 PM
"ssl-proxy module X allowed-vlan" commmand is only needed for SSL module (SSLM).Since you have CSM-S in module X you dont need this command.
Unlike SSLM You just need to put in a definition for vlan X into the csm config (for SSL daughter card):
vlan 151 client
ip address 1.1.1.100 255.255.255.0
HTH
Syed Iftekhar Ahmed
12-17-2008 12:51 PM
Actually we had an individual CSM and SSL module in our data center. Now we added a CSM-S module in another site .I want to move "individual" settings to the new one. But I found this was totally different. I will the send to your configuration. I will appreciate it if you could give me any support.
There are two Vlans on our SSL module, one is vlan 151 for admin (communication with MSFC),another one is vlan 443 for CSM traffic. Both vlan 1064 and 1068 are for CSM part.
In our core switch:
vlan 443 server
description *** SSL-TRAFFIC-VLAN ***
ip address 10.129.64.4 255.255.254.0
!
vlan 151 client
ip address 172.29.151.100 255.255.255.0
vlan 1064 client
ip address 10.129.64.4 255.255.254.0
gateway 10.129.64.1
alias 10.129.64.6 255.255.254.0
!
vlan 1068 server
ip address 10.129.68.4 255.255.252.0
alias 10.129.68.6 255.255.252.0
vserver A-SSL
virtual 10.129.64.13 tcp https
serverfarm SSL-TRAFFIC
replicate csrp connection
persistent rebalance
parse-length 4000
inservice
serverfarm SSL-TRAFFIC
no nat server
no nat client
predictor leastconns
failaction purge
real 10.129.64.10
inservice
probe ICMP
In our SSL module
ssl-proxy vlan 443
ipaddr 10.129.64.10 255.255.254.0
gateway 10.129.64.1
ssl-proxy vlan 151
ipaddr 172.29.151.71 255.255.255.0
gateway 172.29.151.1
admin
ip route 0.0.0.0 0.0.0.0 172.29.151.1
But from my workstation, I could ping 172.29.151.71 instead of 10.129.64.10. So serverfarm SSL-TRAFFIC is out of service. I followed the settings from âindividualâ one. But I think something is wrong. please give advice!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide