SSL-M integration into a 6500 environment with a CSM in one-arm mode with PBR

Unanswered Question
Jan 11th, 2010
User Badges: I seem to have the TAC befuddled so I'm going to come here as well.

I have a 6509 with a CSM blade and a SSL-M blade installed.  The CSM is configured and working properly in a one-arm mode and we are tring to get the SSL-M integrated into the flow.  I can get the SSL-M to present the certificate, but response flow from the server REAL back to the client is getting hung it appears.  Even outside of talking through the CSM, the SSL-M does not seem to be functioning correctly. I think if I can get the SSL-M to just return traffic from a server REAL through to the client, the CSM integration would then be fall down.  Can someone help me with this as I am obviously missing something.  SSL-M is running 3.1(4).  The server real responds on port 81 and I can telnet to the port from the SSL-M.  If someone wants more of the config, I will attach it.  Right now I just want traffic to flow correctly through the SSL-M, I'll integrate the CSM into the mix later.

Some config information:

Begin 6500 CONFIG CLIP


interface Vlan4 **Vlan the SSL-M is connected to on MSFC**
ip address
ip flow ingress

interface Vlan80 **Vlan the server is connected to on MSFC**
ip address
ip flow ingress



ssl-proxy context Default
service SSLTEST
  virtual ipaddr protocol tcp port 4443
  server ipaddr protocol tcp port 81
  certificate rsa general-purpose trustpoint windows-iis6

interface SSL-Proxy0
no ip address
no ip route-cache
hold-queue 2048 in
interface SSL-Proxy0.1
encapsulation dot1Q 4
ip address
no ip route-cache
interface SSL-Proxy0.80
encapsulation dot1Q 80
ip address
no ip route-cache
ip classless
ip route

Begin Server Network Config info


IP address

Default gateway (Vlan of MSFC)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion