Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS 11503 and SSL configuration

Please could someone guide me in the correct direction. I have a CSS 11503 that I am using in a test environment and I want to be able to terminate SSL to the device and then balance unencrypted to back end web servers. When I bought this I read the brief on the CSS 11503 http://www.cisco.com/en/US/customer/prod/collateral/contnetw/ps5719/ps792/product_data_sheet0900aecd800f851e.html This says that SSL termination is possible and does not state anything about needing a SSL module. Please could you advise if this is correct ?

I am able to setup the CSS to the point where I try activate the SSL service and keep getting a BAD IP ADDRESS when I type the active command.

This is my config so if someone could guide me it would be great.

CSS11503(config)# service ssl_im1

CSS11503(config-service[ssl_im1])# active

%% Bad IP Address

CSS11503# show startup-config

!Generated on 07/07/2009 12:28:32

!Active version: sg0810106

configure

!*************************** GLOBAL ***************************

ssl associate rsakey imrsakey imrsakey

ip route 0.0.0.0 0.0.0.0 192.168.33.1 1

!************************* INTERFACE *************************

interface 2/6

bridge vlan 35

!************************** CIRCUIT **************************

circuit VLAN1

ip address 192.168.33.2 255.255.255.0

circuit VLAN35

ip address 192.168.35.1 255.255.255.0

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list ssl_proxy1

ssl-server 10

ssl-server 10 rsacert imcert

ssl-server 10 rsakey imrsakey

ssl-server 10 vip address 192.168.33.11

ssl-server 10 cipher rsa-export-with-rc4-40-md5 192.168.35.11 80

active

!************************** SERVICE **************************

service EUHS1WEB20

keepalive type http

port 80

protocol tcp

ip address 192.168.35.20

active

service ssl_im1

keepalive type none

add ssl-proxy-list ssl_proxy1

!*************************** OWNER ***************************

owner im.com

content http-rule

protocol tcp

port 80

add service EUHS1WEB20

vip address 192.168.35.11

content ssl-rule

protocol tcp

port 443

add service ssl_im1

vip address 192.168.33.11

CSS11503#

Thank you in advance

2 REPLIES
Cisco Employee

Re: CSS 11503 and SSL configuration

You need an ssl module to do ssl encryption/decryption.

G.

New Member

Re: CSS 11503 and SSL configuration

I thought as much, love the way cisco gives you information as per document I attached saying SSL termination is possible then no indication or caveat that an SSL module is needed

252
Views
0
Helpful
2
Replies