×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Backend SSL - Service disruption

Unanswered Question
Dec 13th, 2003
User Badges:

Hi,

I was trying to configure the CSS11503 to do backend SSL to the servers. What I noticed was that in order to add new backend server to the ssl-proxy-list, there seems to be a lenthy process to accomplish this task:

1. Deactive the ssl-proxy-list

2. Add the new backend-server entry

3. Deactivate all the services that use the ssl-proxy-list

4. Active the ssl-proxy-list

5. Re-activate all services that have been suspended from step 3.


I assume while performing this process, access to the site via ssl will be not be allowed. If this is the case, how can one provide high availability site?

I hope there is a better way to do this with out disrupting services that I'm not aware of.

Thanks in advance for any information.

td

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
np Sat, 12/13/2003 - 02:15
User Badges:

From my experience rather than fact access is only effected between 3 and 5.


Perhaps there are there situations when it is unavailable after 1, say if it rule hasn't been used before


You can minimize the time using a script rather than typing


But there should a way to avoid it


Other than having to get 2 units

tdo_001 Sat, 12/13/2003 - 12:31
User Badges:

Yes, I hate to have to de-activate 20+ servers just to add one server manually. So a script would be a must then. This is just insane how it works...

Eventhough with 2 units, the SSL will not fail-over seamlessly I assume. From onther post (SSL - ASR) Gilles was mentioning that "If the SSL offloader is the SSL module inside the CSS, then ASR does not work."

Thanks,

td



Actions

This Discussion