Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL-M integration into a 6500 environment with a CSM in one-arm mode with PBR

Ok..so I seem to have the TAC befuddled so I'm going to come here as well.

I have a 6509 with a CSM blade and a SSL-M blade installed.  The CSM is configured and working properly in a one-arm mode and we are tring to get the SSL-M integrated into the flow.  I can get the SSL-M to present the certificate, but response flow from the server REAL back to the client is getting hung it appears.  Even outside of talking through the CSM, the SSL-M does not seem to be functioning correctly. I think if I can get the SSL-M to just return traffic from a server REAL through to the client, the CSM integration would then be fall down.  Can someone help me with this as I am obviously missing something.  SSL-M is running 3.1(4).  The server real responds on port 81 and I can telnet to the port from the SSL-M.  If someone wants more of the config, I will attach it.  Right now I just want traffic to flow correctly through the SSL-M, I'll integrate the CSM into the mix later.

Some config information:

Begin 6500 CONFIG CLIP

---------------------------------------------------------------------------------------------

interface Vlan4 **Vlan the SSL-M is connected to on MSFC**
ip address 10.4.0.1 255.255.0.0
ip flow ingress
end

interface Vlan80 **Vlan the server is connected to on MSFC**
ip address 10.80.0.1 255.255.0.0
ip flow ingress
end

Begin SSL-M CONFIG CLIP

----------------------------------------------------------------------------------------------

ssl-proxy context Default
!
service SSLTEST
  virtual ipaddr 10.80.110.214 protocol tcp port 4443
  server ipaddr 10.80.100.214 protocol tcp port 81
  certificate rsa general-purpose trustpoint windows-iis6
  inservice

interface SSL-Proxy0
no ip address
no ip route-cache
hold-queue 2048 in
!
interface SSL-Proxy0.1
encapsulation dot1Q 4
ip address 10.4.1.10 255.255.0.0
no ip route-cache
!
interface SSL-Proxy0.80
encapsulation dot1Q 80
ip address 10.80.0.254 255.255.0.0
no ip route-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.4.0.1

Begin Server Network Config info

-------------------------------------------------------------------------------

IP address 10.80.100.214/16

Default gateway 10.80.0.1 (Vlan of MSFC)

1 REPLY
Hall of Fame Super Silver

Re: SSL-M integration into a 6500 environment with a CSM in one-

Hello William,

I hope TAC has been of help.

Actually this was more a question for the data center forums - application networking where you could find better help

see

https://supportforums.cisco.com/community/netpro/data-center/application-network

Best Regards

Giuseppe

190
Views
0
Helpful
1
Replies
CreatePlease login to create content