cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
853
Views
0
Helpful
2
Replies

SCA 11000 and redundant setup

ns
Level 1
Level 1

Hi,

I have a few questions about the SCA and how it works in a redundant mode.

1. It has a DB-9 connector for failover, I guess this means that it supports redundancy like the PIX active:pasive. Is this correct? Theres is no example of this in the documentation for it (or at least I haven't found it).

2. It seems that it only needs 1 IP address, where do I configure it? On the outside or the inside interface?

3. An extention to the above question. The setup that I have is 2 redundant FWs connected to the internet and to the SCAs (2) which are connected to the servers (2). Do I configure NAT in the FWs? Or do I leave it as it is, right now I don't use NAT, as its not necesary.

Any help is much appreciated.

Thanks,

Niels Sommer

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

1/ I don't think this port is actually being used.

There is no failover configuration option in the SCA.

But usually an SCA is being used with a loadbalancer so you can let the loadbalancer failover from one SCA to the other.

2/ See the installation guide

http://www.cisco.com/en/US/products/hw/contnetw/ps2083/products_configuration_guide_chapter09186a0080163ffb.html#1019232

If using one-port mode you need to use a specific interface and configure the ip address on this interface.

3/ If you have 2 SCA and 2 servers, you should use the SCA in inline mode. Use it in transparent mode, so you don't need to change anything to your current topology. Just insert the SCA in front of the server [plug the server in the server interface, and plug the connection to the network in the network interface]

Then use the GUI to configure the SSL services.

This is basically the same as a transparent config with a CSS but slightly different.

Unfortunately this is not documented because 99.9% of the time the SCA is used a loadbalancer.

Gilles.

Thanks Gilles,

1. It actually states that on the datasheet... that this port is for failover... but you answered my question. We won't be using a CSS or any other balancer in this setup :-(

2. Thanks.

3. Great, less downtime!! You mention transparent mode and in-line mode can I configure both at the same time?

Thanks,

Niels

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: