Can anyone confirm if this is a valid configuration or if i require a SSL module.
We have a web server at the back of the CSS running http . We are now trying to add https service to this server.
I have added the rules to content switch - a service for 443 and a content rule. We cannot get the service up however, it is showing down. The service is running ok on the server (we can telnet to it on port 443)
Does the CSS pass the encrypted data to the backend server transparently or is a SSL module required?
Yes. You do not need one if you don't open the encrypted packets. In reality this doesn't work and you will be heading up to a point of no return after making a huge investment on a CSS box that doesn't support SSL termination. We got couple of boxes here that eats lots of your time lot of frustration when it comes to providing Support.
The biggest limitation here is when you try to select an effective advanced balancing method in order to provide session stickiness you are stuck here.
We are left with only 2 valid choices, (I ignored the src ip-dest port) whether to use SSLID or the src ip as the adv balance method. No way you can use the arrow point and other fine methods here with this box.
If you opt for the src ip as the adv balancing method you are stuffed by the mega proxies.
If you opt for the SSLid you are plagued by the IE browser that keeps changing its SSLid pretty frequently, unless you apply some MS patching on every user PC which is unpractical in the Internet arena.
I would strongly recommend a CSS with an SSL module for an effective load balancing if there is an encrypted traffic that needs to be effective load balanced.
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...