
SSL Termination without downtime when adding SSL servers

astrand
Level 1

Hi,

We have a number of SSL servers defined in an ssl-proxy-list on a CSS 11501 running 7.50.1.03. The ssl-proxy-list is used in an HTTPS termination service.

When we want to add another SSL server to the ssl-proxy-list, I have to suspend the list, add the new SSL server and then activate the list. Even though the interruption is short, these steps make the current SSL server unavailable during the process. Is there a way to make the change without affecting availability of the existing servers?

Also, if we are using box-to-box redundancy, would there be a way to solve the above problem (unless there is an easier solution)?

Thanks in advance for your help!

Regards,

Harald

2 Replies

diro
Level 1

If you're using box-to-box, make the change in the backup. Then force the backup to master (some flows will be lost) (force master command). Finally, change the config in the new backup.

I agree with diro. This is how we do it on our gear. Do it on the backup, then trigger a failover, and then do it on the other box.

There is one more way. Try constructing a new proxy-list in parallel to the existing one. Yes, you can have multiple proxy-lists (256?) but only one can be active. When ready, suspend the current proxy-list, remove it from the ssl-mod-service as well, and add the new one.

thanks