CSS 11503 and SSL configuration

Unanswered Question

Please could someone guide me in the correct direction. I have a CSS 11503 that I am using in a test environment and I want to be able to terminate SSL to the device and then balance unencrypted to back end web servers. When I bought this I read the brief on the CSS 11503 http://www.cisco.com/en/US/customer/prod/collateral/contnetw/ps5719/ps792/product_data_sheet0900aecd800f851e.html This says that SSL termination is possible and does not state anything about needing a SSL module. Please could you advise if this is correct ?

I am able to setup the CSS to the point where I try activate the SSL service and keep getting a BAD IP ADDRESS when I type the active command.

This is my config so if someone could guide me it would be great.

CSS11503(config)# service ssl_im1

CSS11503(config-service[ssl_im1])# active

%% Bad IP Address

CSS11503# show startup-config

!Generated on 07/07/2009 12:28:32

!Active version: sg0810106


!*************************** GLOBAL ***************************

ssl associate rsakey imrsakey imrsakey

ip route 1

!************************* INTERFACE *************************

interface 2/6

bridge vlan 35

!************************** CIRCUIT **************************

circuit VLAN1

ip address

circuit VLAN35

ip address

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list ssl_proxy1

ssl-server 10

ssl-server 10 rsacert imcert

ssl-server 10 rsakey imrsakey

ssl-server 10 vip address

ssl-server 10 cipher rsa-export-with-rc4-40-md5 80


!************************** SERVICE **************************

service EUHS1WEB20

keepalive type http

port 80

protocol tcp

ip address


service ssl_im1

keepalive type none

add ssl-proxy-list ssl_proxy1

!*************************** OWNER ***************************

owner im.com

content http-rule

protocol tcp

port 80

add service EUHS1WEB20

vip address

content ssl-rule

protocol tcp

port 443

add service ssl_im1

vip address


Thank you in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Tue, 07/07/2009 - 04:56
User Badges:
  • Cisco Employee,

You need an ssl module to do ssl encryption/decryption.



This Discussion