
CSS Full Proxy example in docs seems in error

burkemccrory
Level 1

I am confused over the example in Cisco's documentation on how to set up a full proxy SSL. Here is the link to the web page with the example: http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/sslgd/examples.htm#wp999253

What I do not understand is where the new source address (192.168.7.200) comes from. I understand the underlying concepts and theory on how this works. But the example code does not seem to match the description of the example?

Burke McCrory

Internet Administrator

Oklahoma Tax Commission

IT Division

bmccrory@tax.ok.gov


Gilles Dufour
Cisco Employee

The only place where I see this IP in the document you referenced is the line

vip address 192.168.7.200

So, this IP is just a VIP address.

Could you be more precise about where you see this address in the example?

Thanks,

Gilles.

I agree it is a VIP address; what I cannot find is where it is in the commands that are shown to set it up. The group ssl_module_proxy has a VIP, but it is 192.168.8.1. The VIP address of 192.168.7.200 is nowhere in the command list. I am sure that it is something simple, but I still cannot see it.

Hi,

Any update related to the 192.168.8.1 VIP configured in that example?

We have to test a similar scenario and I am trying to find the relation of that address.

regards

R.Sundara Rajan

The error is in the diagram related to

"SSL Initiation Between a CSS and One Data Center"

The correct config should replace 192.168.7.200 with 172.16.1.200.

This has been corrected in the next release.

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_810/sslgd/examples.htm

Gilles.

Hi Gilles,

Referring to the SSL Full Proxy Configuration - One SSL Module. Configured as below.

--------------------------------
group ssl_module_proxy
  add destination service ssl_module1
  add destination service ssl_module2
  vip address 192.168.8.1
  active
--------------------------------

In that, 192.168.8.1 is nowhere mentioned in the document.

If you could clarify, it will be really helpful.

regards

R.Sundara Rajan

This is a "group" config, which is used to do client NAT. We use this option in a one-armed design or when the servers are not using the CSS as a default gateway.

This is a way to guarantee that the response comes back to the CSS.

The VIP can be any IP address.

The IP address in the config should be 192.168.7.200 to match the diagram.

[See the client IP address was NATed as well as the VIP address.]

I have to admit this part of the config is somewhat misleading as it is absolutely not required.

I hope this helps.

Gilles.
