Re: A few Questions to settle the mist

ravi.saini · ‎01-23-2004

Hi Gilles,

I am currently involved in configuring a couple of css11503's with SSL module. I have configured ssl services typically using the transparent proxy configuration. This works great. The client now has a requirement to redirect the HTTP service to HTTPS. I have read the document 'redirect configuration on the css 11000. and can see how it works. However I am not sure how this would combine with my existing transparent proxy configuration. I am able to email my existing configuration. I am also wary of minimum disruption.

I also have two css's default spec ( 11501-SK9). When I boot up both the css's return to OffDM. when I try to set Primary Boot, it is not offering me to select the Disc. Is this Disc primarilly concerned only if there is a PCMCIA card inserted? As the css is purchased with no upgrade, how may I get it to boot up the CSS-IOS.

Much Appreciated

Ravi

Gilles Dufour · ‎01-23-2004

normally, you have an HTTPS content rule.

This rule catches traffic to VIP x.x.x.x on port 443.

So, you just need to create a new content rule for the same VIP x.x.x.x and this time port 80.

Then you can add a redirect service.

If your SSL module was going back to the CSS to a content rule with VIP x.x.x.x port 80 already, you will need to change this to port 81 or whatever but not port 80.

This will require that every service be configured with a port 80 to translated from 81 to the normal port.

You can send me your configre at gdufour@cisco.com if you want me to verify.

Gilles.