SSL-M integration into a 6500 environment with a CSM in one-arm mode with PBR

bsherman54
Level 1

Ok..so I seem to have the TAC befuddled so I'm going to come here as well.

I have a 6509 with a CSM blade and a SSL-M blade installed.  The CSM is configured and working properly in a one-arm mode and we are trying to get the SSL-M integrated into the flow.  I can get the SSL-M to present the certificate, but response flow from the server REAL back to the client is getting hung it appears.  Even outside of talking through the CSM, the SSL-M does not seem to be functioning correctly. I think if I can get the SSL-M to just return traffic from a server REAL through to the client, the CSM integration would then be fall down.  Can someone help me with this as I am obviously missing something.  SSL-M is running 3.1(4).  The server real responds on port 81 and I can telnet to the port from the SSL-M.  If someone wants more of the config, I will attach it.  Right now I just want traffic to flow correctly through the SSL-M, I'll integrate the CSM into the mix later.

Some config information:

Begin 6500 CONFIG CLIP

---------------------------------------------------------------------------------------------

interface Vlan4 **Vlan the SSL-M is connected to on MSFC**
ip address 10.4.0.1 255.255.0.0
ip flow ingress
end

interface Vlan80 **Vlan the server is connected to on MSFC**
ip address 10.80.0.1 255.255.0.0
ip flow ingress
end

Begin SSL-M CONFIG CLIP

----------------------------------------------------------------------------------------------

ssl-proxy context Default
!
service SSLTEST
  virtual ipaddr 10.80.110.214 protocol tcp port 4443
  server ipaddr 10.80.100.214 protocol tcp port 81
  certificate rsa general-purpose trustpoint windows-iis6
  inservice

interface SSL-Proxy0
no ip address
no ip route-cache
hold-queue 2048 in
!
interface SSL-Proxy0.1
encapsulation dot1Q 4
ip address 10.4.1.10 255.255.0.0
no ip route-cache
!
interface SSL-Proxy0.80
encapsulation dot1Q 80
ip address 10.80.0.254 255.255.0.0
no ip route-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.4.0.1

Begin Server Network Config info

-------------------------------------------------------------------------------

IP address 10.80.100.214/16

Default gateway 10.80.0.1 (Vlan of MSFC)

1 Reply

Giuseppe Larosa
Hall of Fame

Hello William,

I hope TAC has been of help.

Actually this was more a question for the data center forums - application networking where you could find better help

see

https://supportforums.cisco.com/community/netpro/data-center/application-network

Best Regards

Giuseppe
