Cisco Support Community
New Member

SSL Termination without downtime when adding SSL servers

Hi,

We have a number of SSL servers defined in a ssl-proxy-list on a CSS 11501 running 7.50.1.03. The ssl-proxy list is used in a HTTPS termination service.

When we want to add another SSL server to the ssl-proxy-list, I have to suspend the list, add the new SSL server and then activate the list. Even though the interruption is short, these steps make the current SSL server unavailable during the process. Is there a way to make the change without affecting availability of the existing servers?

Also, if we are using box-to-box redundancy, would there be a way to solve the above problem (unless there is an easier solution)?

Thanks in advance for your help!

Regards,

Harald

2 REPLIES
Bronze

Re: SSL Termination without downtime when adding SSL servers

If you're using box-to-box, make the change in the backup. Then force the backup to master (some flows will be lost) (force master command). Finally, change the config in the new backup.

Bronze

Re: SSL Termination without downtime when adding SSL servers

I agree with diro. This is how we do it on our gear. Do it on the backup and then trigger a failover; do it on the other box now.

There is one more way. Try constructing a new proxy-list in parallel to the existing one. Yes, you can have multiple proxy-lists (256?) but only one can be active. When ready, suspend the current proxy-list, remove it from the ssl-mod-service as well, and add the new one.

thanks
