Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS 11503 and SSL configuration

Please could someone guide me in the correct direction. I have a CSS 11503 that I am using in a test environment and I want to be able to terminate SSL to the device and then balance unencrypted to back end web servers. When I bought this I read the brief on the CSS 11503 This says that SSL termination is possible and does not state anything about needing a SSL module. Please could you advise if this is correct ?

I am able to setup the CSS to the point where I try activate the SSL service and keep getting a BAD IP ADDRESS when I type the active command.

This is my config so if someone could guide me it would be great.

CSS11503(config)# service ssl_im1

CSS11503(config-service[ssl_im1])# active

%% Bad IP Address

CSS11503# show startup-config

!Generated on 07/07/2009 12:28:32

!Active version: sg0810106


!*************************** GLOBAL ***************************

ssl associate rsakey imrsakey imrsakey

ip route 1

!************************* INTERFACE *************************

interface 2/6

bridge vlan 35

!************************** CIRCUIT **************************

circuit VLAN1

ip address

circuit VLAN35

ip address

!*********************** SSL PROXY LIST ***********************

ssl-proxy-list ssl_proxy1

ssl-server 10

ssl-server 10 rsacert imcert

ssl-server 10 rsakey imrsakey

ssl-server 10 vip address

ssl-server 10 cipher rsa-export-with-rc4-40-md5 80


!************************** SERVICE **************************

service EUHS1WEB20

keepalive type http

port 80

protocol tcp

ip address


service ssl_im1

keepalive type none

add ssl-proxy-list ssl_proxy1

!*************************** OWNER ***************************


content http-rule

protocol tcp

port 80

add service EUHS1WEB20

vip address

content ssl-rule

protocol tcp

port 443

add service ssl_im1

vip address


Thank you in advance

Cisco Employee

Re: CSS 11503 and SSL configuration

You need an ssl module to do ssl encryption/decryption.


New Member

Re: CSS 11503 and SSL configuration

I thought as much, love the way cisco gives you information as per document I attached saying SSL termination is possible then no indication or caveat that an SSL module is needed