CSS11501# show run !Generated on 04/11/2008 14:51:35 !Active version: sg0810401 configure !*************************** GLOBAL *************************** date european-date username kibadmin des-password ra2hih6gzehbzfkc superuser bridge spanning-tree disabled ssl associate rsakey RSAKIB RSAKIB.pem ssl associate cert CERTCOM certcom.pem ftp-record FTP 172.20.50.100 walter des-password ifpbjhqg5azcvb3g ip management route 172.20.100.0 255.255.255.0 172.20.50.1 ip route 0.0.0.0 0.0.0.0 192.168.7.1 1 !************************* INTERFACE ************************* interface e1 phy 100Mbits-FD bridge vlan 4 interface e2 phy 100Mbits-FD bridge vlan 4 interface e3 phy 100Mbits-FD bridge vlan 2 interface e4 phy 100Mbits-FD bridge vlan 2 interface e7 isc-port-one phy 100Mbits-FD interface e8 phy 100Mbits-FD isc-port-two !************************** CIRCUIT ************************** circuit VLAN4 ip address 192.168.7.5 255.255.255.0 ip virtual-router 1 priority 110 preempt ip redundant-interface 1 192.168.7.50 ip redundant-vip 1 192.168.7.100 ip critical-service 1 AREYOUTHERE circuit VLAN2 ip address 192.168.201.1 255.255.255.0 ip virtual-router 2 priority 110 preempt ip redundant-interface 2 192.168.201.50 ip redundant-vip 2 192.168.201.100 ip critical-service 2 AREYOUTHERE !*********************** SSL PROXY LIST *********************** ssl-proxy-list KIB-Online-Offload-SSLProxy ssl-server 20 ssl-server 20 rsakey RSAKIB ssl-server 20 rsacert CERTCOM backend-server 10 backend-server 10 cipher rsa-export-with-rc4-40-md5 backend-server 10 port 81 backend-server 10 ip address 192.168.201.30 backend-server 10 server-ip 192.168.201.30 backend-server 20 backend-server 20 cipher rsa-export-with-rc4-40-md5 backend-server 20 port 81 backend-server 20 ip address 192.168.201.33 backend-server 20 server-ip 192.168.201.33 ssl-server 20 cipher rsa-with-rc4-128-md5 192.168.7.101 81 ssl-server 20 vip address 192.168.7.101 active !************************** SERVICE ************************** service AREYOUTHERE ip address 192.168.7.1 active service BACK-1 protocol tcp type ssl-accel-backend add ssl-proxy-list KIB-Online-Offload-SSLProxy port 81 keepalive type ssl keepalive port 443 ip address 192.168.201.30 service Back-2 protocol tcp type ssl-accel-backend add ssl-proxy-list KIB-Online-Offload-SSLProxy port 81 keepalive type ssl keepalive port 443 ip address 192.168.201.33 active service REAL-SERVER-1 protocol tcp port 443 keepalive port 443 keepalive type tcp ip address 192.168.201.30 redundant-index 1 active service REAL-SERVER-1:7002 protocol tcp keepalive port 7002 keepalive type tcp port 7002 ip address 192.168.201.30 redundant-index 2 active service REAL-SERVER-2 ip address 192.168.201.33 protocol tcp port 443 keepalive port 443 keepalive type tcp redundant-index 3 active service REAL-SERVER-2:7002 ip address 192.168.201.33 protocol tcp keepalive port 7002 keepalive type tcp port 7002 redundant-index 4 active service SSL-CERT add ssl-proxy-list KIB-Online-Offload-SSLProxy keepalive type none type ssl-accel slot 2 active !*************************** OWNER *************************** owner HTTP-REAL content HTTPS-7002 protocol tcp port 7002 vip address 192.168.7.100 add service REAL-SERVER-1:7002 add service REAL-SERVER-2:7002 redundant-index 5 active content HTTPS-REAL protocol tcp port 443 vip address 192.168.7.100 add service REAL-SERVER-1 add service REAL-SERVER-2 redundant-index 6 active owner KIB-SSL content SSL-BACKEND url "/*" add service Back-2 add service BACK-1 vip address 192.168.201.100 protocol tcp port 81 advanced-balance arrowpoint-cookie active content SSL-FRONT add service SSL-CERT protocol tcp port 443 application ssl vip address 192.168.7.101 active