Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Outbound connections for SSL-VIP using multiple certificates?

Greetings,

I have a situation where encrypted outbound connections to the same external address (VIP on SSL module) will need to use a different certificate according to which source is initiating the connection. Would I be able to do so and what the configuration would be on the SSL module?

Need to initiate connection from Source01 VIP to external Destination using certificate01

and to initiate connection from Source02 VIP to same external Destination using certificate02

----------------------------------

CSM001#

vserver Source01-VIP-SSL

virtual 172.16.83.207 tcp https

serverfarm SSL001

persistent rebalance

inservice

!

vserver Source01-VIP

virtual 172.16.83.207 any

serverfarm Source01-FRM

persistent rebalance

inservice

!

vserver Source02-VIP-SSL

virtual 172.16.83.200 tcp https

serverfarm SSL001

persistent rebalance

inservice

!

vserver SOURCE02-VIP

virtual 172.16.83.200 any

serverfarm Source02-FRM

persistent rebalance

inservice

!

!

vserver Destination-VIP-SSL:80

virtual 172.16.33.165 tcp www

serverfarm SSL001

persistent rebalance

inservice

----------------------------------

SSL001#

ssl-proxy service Destination-VIP-SSL:80 client

virtual ipaddr 172.16.33.165 protocol tcp port 80 secondary

server ipaddr 192.168.11.45 protocol tcp port 443

certificate rsa general-purpose trustpoint certificate01

no nat server

trusted-ca CA

authenticate verify signature-only

inservice

----------------------------------

307
Views
0
Helpful
0
Replies