02-14-2008 01:41 AM
Hello,
I have a Cat6500 with CSM-S module. I made a configuration for https connections in witch the client sends encrypted traffic to the server (port 443). CSM forward the encrypted traffic into SSL card where it was decrypted and go again to the CSM. So the problem is appear when all back-end servers go down but the front-end virtual server stay as operational status, because it dos not know that (it is forward the traffic into SSL module). So how this problem can be resolved.
!
probe SSL-MOD tcp
interval 2
port 443
!
probe WEBCASH http
header host apache
request method get url /_httpd_server_up_.html
port 7777
!
serverfarm SSL-WEB2
nat server
no nat client
real 192.168.30.12 local
inservice
probe SSL-MOD
!
serverfarm WEBCASH
nat server
no nat client
real name ORAWEB1-PR 7777
inservice
real name ORAWEB2PR 7777
inservice
probe WEBCASH
!
!
vserver HTTPS-WEB2
virtual 85.118.192.64 tcp https
serverfarm SSL-WEB2
replicate csrp sticky
replicate csrp connection
persistent rebalance
inservice
!
vserver HTTPS-DEC
virtual 192.168.131.254 tcp www
serverfarm WEBCASH
replicate csrp sticky
replicate csrp connection
persistent rebalance
inservice
!
----- SSL config -----
ssl-proxy service ssl-1
virtual ipaddr 192.168.30.12 protocol tcp port 443 secondary
server ipaddr 192.168.131.254 protocol tcp port 80
certificate rsa general-purpose trustpoint myglobul
policy url-rewrite ssl-1-rw
policy http-header ssl
inservice
!
02-14-2008 12:12 PM
Hi,
You can solve this problem with the Virtual Server Dependency feature in CSM:
In your case you would add 'status-tracking' to your front end Web VIP that watches to see if your back-end VIP goes down. If the back-end VIP goes down, so will the Web front-end VIP.
Hope this helps. Please rate.
-Brad
02-26-2008 12:53 AM
Hi Brad,
Thank you very match for the help! Now it is alright.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide