Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSl Configuration.

Hi.

A customer has an existing web solution pointing directly to his servers. His new requirement is to offload ssl termination onto a css 11501.

The customer only has one server. However he has multiple web sites pointing to different ports on the single server.

Can this configuration be carried out on a css using ssl?

More to the point how do I represent this configuration in a ssl-server proxy list. Can I have different digital certificates.

ie ?

ssl-proxy-list goose_n_moose

ssl-server 20

ssl-server 20 vip address 14.2.6.20

ssl-server 20 cipher rsa-with-rc4-128-md5 14.2.6.20 80

ssl-server 20 rsakey goosekey

ssl-server 20 rsacert goosecert

ssl-server 25

ssl-server 25 vip address 14.2.6.20

ssl-server 25 cipher rsa-with-rc4-128-md5 14.2.6.20 8001

ssl-server 25 rsacert moosecert

ssl-server 25 rsakey moosekey

1 REPLY
New Member

Re: SSl Configuration.

Ravi,

The only problem is that the 2 ssl servers have the same matching criteria. They both match on the same IP address and port (default 443). The CSS has no way of distinguishing a request to goose from a request to moose. They would need either a different VIP address, or a different SSL port (444 for ex). The obstacle is that most clients will go to port 443, and will not know to change the destination port.

so- to sum up, you will probably need different VIP addresses so we can differentiate requests that go to different SSL servers.

-Steve

113
Views
0
Helpful
1
Replies