Cisco Support Community

CSS problem

I have

www.xxxxx.co.uk points to 19x.244.202.21

www.yyyyy.com points to 19x.244.202.21 as well

the address 19x.244.202.21 maps to 192.168.214.8 internally

192.168.214.8 is a Cisco CSS which spreads load between 4 boxes accordingly

these boxes live on 192.168.6.0/24

This is the problem: since there's no host-header checking on the content switch, anything that is destined for 19x.244.202.21 (from the outside) will end up on the same IP as galagames.co.uk

*the same 192.168.6.0/24 IP

This means that we can't have another SSL cert on that address (because galagames.co.uk is already there), because the host header is itself encrypted with HTTPS.

We need to find a way of sending traffic to another address, based solely on host-header.

does that make sense!?

"gw01-lastmin"..."gw04-lastmin" and have it work by host header. But I don't have a clue how.

Here is the config of CSS

configure

!*************************** GLOBAL ***************************
  restrict ftp
  ip opportunistic all
  ip redundancy
  snmp community gal0902 read-only
  snmp trap-type generic
  snmp trap-type enterprise
  snmp location "Gala Comms Cabinet"
  snmp name "gcss01b"
  snmp auth-traps
  snmp trap-host 192.168.216.14 public
  snmp trap-host 192.168.216.19 public
  snmp trap-host 10.171.255.11 public
  snmp trap-host 10.171.255.62 public
  ip route 0.0.0.0 0.0.0.0 192.168.214.1 1
  ip route 192.168.213.0 255.255.255.0 192.168.216.40 1

!************************* INTERFACE *************************
interface ethernet-1
  redundancy-phy
  bridge vlan 10
  phy 100Mbits-FD

interface ethernet-2
  bridge vlan 20
  redundancy-phy
  phy 100Mbits-FD

interface ethernet-8
  phy 100Mbits-FD

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 192.168.214.34 255.255.255.240
  redundancy-protocol

circuit VLAN10
  redundancy

circuit VLAN20
  redundancy
  ip address 192.168.216.33 255.255.255.0

!************************** SERVICE **************************
service asd

service g01-games

service gw01-bingo
  ip address 192.168.216.3
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

service gw01-casino
  keepalive type http
  keepalive uri "/css-check.jsp"
  ip address 192.168.216.2
  keepalive port 80

service gw01-games
  ip address 192.168.216.1
  keepalive port 80
  keepalive uri "/css-check.jsp"
  keepalive type http
  active

service gw02-bingo
  ip address 192.168.216.8
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

service gw02-casino
  ip address 192.168.216.7
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

service gw02-games
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

service gw03-bingo
  ip address 192.168.216.13
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

service gw03-casino
  ip address 192.168.216.12
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

service gw03-games
  ip address 192.168.216.11
  keepalive port 80
  keepalive type http
  active

service gw04-bingo
  ip address 192.168.216.18
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

service gw04-casino
  keepalive type http
  keepalive uri "/css-check.jsp"
  ip address 192.168.216.17
  keepalive port 80
  active

service gw04-games
  ip address 192.168.216.16
  keepalive port 80
  keepalive type http
  keepalive uri "/css-check.jsp"
  active

owner gala_leisure

  content L4_rule_port443_bingo
    add service gw01-bingo
    add service gw02-bingo
    add service gw03-bingo
    add service gw04-bingo
    protocol tcp
    port 443
    vip address 192.168.214.10
    advanced-balance sticky-srcip-dstport
    active

  content L4_rule_port443_casino
    add service gw01-casino
    add service gw02-casino
    add service gw03-casino
    add service gw04-casino
    protocol tcp
    port 443
    vip address 192.168.214.9
    advanced-balance sticky-srcip-dstport
    active

  content L4_rule_port443_games
    add service gw01-games
    add service gw02-games
    add service gw03-games
    add service gw04-games
    protocol tcp
    port 443
    vip address 192.168.214.8
    balance leastconn
    advanced-balance sticky-srcip-dstport
    active

  content L4_rule_port80_bingo
    protocol tcp
    port 80
    add service gw01-bingo
    add service gw02-bingo
    add service gw03-bingo
    vip address 192.168.214.10
    add service gw04-bingo
    balance leastconn
    advanced-balance sticky-srcip-dstport
    active

  content L4_rule_port80_casino
    protocol tcp
    port 80
    add service gw01-casino
    add service gw02-casino
    add service gw03-casino
    add service gw04-casino
    balance leastconn
    vip address 192.168.214.9
    advanced-balance sticky-srcip-dstport
    active

  content L4_rule_port80_games
    protocol tcp
    port 80
    add service gw01-games
    add service gw02-games
    add service gw03-games
    add service gw04-games
    balance leastconn
    vip address 192.168.214.8
    advanced-balance sticky-srcip-dstport
    active

!*************************** GROUP ***************************
group SOURCE_NAT
  vip address 192.168.214.8
  add service gw01-games
  add service gw01-casino
  add service gw01-bingo

!**************************** ACL ****************************
acl 2
  clause 30 permit any any destination any
  apply circuit-(VLAN10)
  apply circuit-(VLAN20)
  clause 10 permit any any destination any sourcegroup SOURCE_NAT

acl 1
  clause 20 permit any any destination any
  apply circuit-(VLAN1)
