Cisco Support Community
Community Member

SSL Accel not working on 11501


I have a problem with a CSS11501 with the SSL module installed. The SSL module doesn't accept the traffic on port 443 and it goes directly to the server. The server has a certificate installed and that's how I know that it doesn't work. I access the server on port 80 and 443 without any problem. I've seen a similar post on this issue without a solution and the questions were:

Does the browser support the certificates? I'm using IE 6.0 SP1. I honestly don't know if it's supported, but I've enabled all RSA ciphers.

Are there any hits on the stats? None, the only counter that changes is the HASH on the Crypto counter.

Any help is appreciated.

Thanks, Niels

The config is the following:

ssl associate rsakey key1 cert1
ssl associate cert cert1 cert1.pem

!************************** CIRCUIT **************************
circuit VLAN1
  ip address

circuit VLAN2
  ip address

!*********************** SSL PROXY LIST ***********************
ssl-proxy-list Servidores_SSL
  ssl-server 1
  ssl-server 1 rsakey key1
  ssl-server 1 rsacert cert1
  ssl-server 1 vip address
  ssl-server 1 cipher rsa-export1024-with-rc4-56-sha 80
  ssl-server 1 cipher rsa-export1024-with-des-cbc-sha 80
  ssl-server 1 cipher rsa-export-with-des40-cbc-sha 80
  ssl-server 1 cipher rsa-export-with-rc4-40-md5 80
  ssl-server 1 cipher rsa-with-3des-ede-cbc-sha 80
  ssl-server 1 cipher rsa-with-des-cbc-sha 80
  ssl-server 1 cipher rsa-with-rc4-128-sha 80
  ssl-server 1 cipher rsa-with-rc4-128-md5 80

!************************** SERVICE **************************
service HTTP
  ip address
  keepalive type http

service HTTPS
  add ssl-proxy-list Servidores_SSL
  slot 2
  keepalive type none
  type ssl-accel

!*************************** OWNER ***************************
owner tripartita
  content HTTP
    protocol tcp
    add service HTTP
    balance aca
    vip address
    port 80

  content SSL-Prueba
    vip address
    balance aca
    add service HTTPS
    application ssl
    protocol tcp
    port 443


Community Member

Re: SSL Accel not working on 11501

The current configuration causes port 443 traffic to go to the SSL module and then the SSL module sends it to This is also listed as a service on the CSS. There is nothing in the configuration in your note that would cause the CSS to send traffic to port 443 on the server. Is the configured on any other device, like a firewall translation, for instance?

Are you saying that "show summary" doesn't show any hits on either content rule?

What URL do you enter on the browser?

What URL do you see on the browser after the attempt has concluded?
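
The traffic path described in the reply above, as an added example that is not part of the original thread and not Cisco tooling: a small Python tracer that reads a CSS running-config and lists where each content rule forwards traffic. The sample config is constructed; its 192.0.2.x addresses (including the backend address on the cipher line) stand in for values the post omits, and the names parse and trace are hypothetical.

```python
# Constructed sample in the thread's layout; addresses are placeholders, since the post omits them.
SAMPLE = """\
ssl-proxy-list Servidores_SSL
  ssl-server 1 cipher rsa-with-rc4-128-sha 192.0.2.20 80
service HTTP
  ip address 192.0.2.20
service HTTPS
  type ssl-accel
  add ssl-proxy-list Servidores_SSL
owner tripartita
  content HTTP
    add service HTTP
    port 80
  content SSL-Prueba
    add service HTTPS
    port 443
"""

def parse(cfg):
    """Index services, content rules and SSL proxy lists by name."""
    tables, kind, cur = {"service": {}, "content": {}, "ssl-proxy-list": {}}, None, None
    for w in filter(None, (line.split() for line in cfg.splitlines())):
        if len(w) == 2 and w[0] in (*tables, "circuit"):   # section header
            kind, new = w[0], {"type": "local", "ip": None, "port": None, "refs": [], "backends": []}
            cur = tables.get(kind, {}).setdefault(w[1], new)
        elif kind == "ssl-proxy-list" and len(w) == 6 and w[2] == "cipher":
            cur["backends"].append((w[4], int(w[5])))      # cleartext backend ip, port
        elif kind == "service" and w[0] == "type":
            cur["type"] = w[1]
        elif kind == "service" and w[:2] == ["ip", "address"] and len(w) == 3:
            cur["ip"] = w[2]
        elif kind == "content" and w[0] == "port":
            cur["port"] = int(w[1])
        elif cur is not None and w[0] == "add" and len(w) == 3:
            cur["refs"].append(w[2])   # "add service X" or "add ssl-proxy-list X"
    return tables

def trace(cfg):
    """Return {content rule: [(path, backend ip, backend port), ...]}."""
    t, out = parse(cfg), {}
    for name, rule in t["content"].items():
        out[name] = hops = []
        for svc in (t["service"][s] for s in rule["refs"]):
            if svc["type"] == "ssl-accel":   # decrypted on the module, forwarded per cipher line
                hops += [("ssl-module", *b) for pl in svc["refs"]
                         for b in t["ssl-proxy-list"][pl]["backends"]]
            else:   # assumption: no service port set, so the rule's port is kept
                hops.append(("direct", svc["ip"], rule["port"]))
    return out
```

For the sample, the port 443 rule resolves only to the SSL module and then to port 80 on the backend, so no hop reaches port 443 on a server. Lines with omitted addresses, as in the posted config, are skipped rather than guessed.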

