Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Adding x2 SCA2 to current x2 CSS active:active setup

Current setup is x2 CSS11051 which works in an active:active configuration (one customer busines are on each but with mutual failover over multiple vlans).

Requirement is to add x2 SCA2's 11000 for SSL offloading. From the documentation I think that the the best configuration will be one-armed transparent proxy. I need to confirm a couple a couple of things:

- that it is possible to load balance to the SCA devices (and allow for the failure of one SCA and with no discernable disruption to service).

- is it okay to post the config so someone to scan through to check the setup for i/ load balancing to the SCA and then ii/ subsequent load balancing to the web servers.

- why separate vlans are needed for each SCA ?

A colleaque of mine is favouring having an SCA aligned to a CSS and in the event of an SCA failure that the second CSS senses this and fails over. Not sure if this is possible, I personally favour one-armed transparent approach.

Any recommendations would be great, I just cant see resiliant CSS's and SCA's examples documented anywhere.


Re: Adding x2 SCA2 to current x2 CSS active:active setup

The document below shows a sample configuration for one-armed proxy setup using a CSS and SCA.

This is the most scalable configuration, and is easy to troubleshoot.

You will find documents on load balancing at the following url.

Cisco Employee

Re: Adding x2 SCA2 to current x2 CSS active:active setup

SEe figure B6 in the example above.

This is an example with multiple SCA.

I confirmed you need separate vlan for this setup to work - however I can't find the explanation anymore.

You can post your configs if you want, I'll review them.


CreatePlease to create content