Is it possible to sniff SSL encrypted traffic on the CSS? Our config has encrypted user traffic coming in to the CSS on port 443, being unencrypted by the SSL module, then reencrypted and sent out to the backend server on port 443. Are there any debug or snoop commands I can run on the CSS to view the encrypt/decrypt transactions and capture the clear text data?
You can sniff the SSL traffic coming in and heading out of the CSS with a regular sniffer application such as Ethereal or Wireshark. Be sure to save the file in .cap format.
Using a tool such as SSLDUMP along with OPENSSL, you can use your CSS's private key to decrypt the secure traffic. Only by having the private key and certificate will you be able to decrypt the payload of the SSL traffic.
Thanks for the reply alejrodr... but I guess I need to clarify exactly what I am trying to do.
I am wondering if there is a way to be on the CSS remotely and issue some commands (debugs?) that would enable me to view the entire process of the traffic flow from entry to exit as it is being processed by the SSL module. Basically, is there a command I can run on the CSS that will dump all SSL module transaction data either onto the screen or into a file on the disk?