I've got 6509 with SSL, CSM inside. I'm having problem with creating connectin to VIP on 443 port pointing to SSL module. My configuration is based on "Catalyst 6500 Series Switch Content Switching Module with SSL Installation and Configuration" document , Appendix B; B-7; CSM-S Configuration Example (Router Mode, Server NAT). It's seems to be simple but it's not working. Could anybody take a look at these excerpt from config.
VLAN to outside is 200; to SSL 150 (admin), 130 traffic; to clients 120.
ssl-proxy module 4 allowed-vlan 120,130,150
vlan 200 client
description Traffic from clients.
ip address X.23.48.5 255.255.255.0 alt X.23.48.6 255.255.255.0
alias X.23.48.4 255.255.255.0
vlan 120 server
description Server traffic
ip address 192.168.200.2 255.255.255.0 alt 192.168.200.3 255.255.255.0
alias 192.168.200.1 255.255.255.0
vlan 130 server
description SSL-DC traffic
ip address 172.16.0.21 255.255.255.0 alt 172.16.0.31 255.255.255.0
alias 172.16.0.1 255.255.255.0
no nat client
real 172.16.0.182 local
no nat client
virtual X.23.48.110 tcp https
virtual X.23.48.110 tcp www
description Polaczenie do SSL akceleratora
ip address 10.10.10.11 255.255.255.0
description VLAN do FWSM
ip address X.23.48.9 255.255.255.0
standby 1 ip X.23.48.10
and on SSL module:
ssl-proxy service SSL-TEST
virtual ipaddr 172.16.0.182 protocol tcp port 443 secondary
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...