Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSM-S issue

Hi, im having issues with configuring a CSM-S. Our standard config with a content switch module and ssl module is to have the SSL proxy vlan on a differing layer-3 subnet, and the CSM bridging between the client & server vlan for non SSL loadbalacing. As I say this works fine with seperate modules

We have just deployed a CSM-S ( embedded ssl daughter card) We set up the same configs, but this doesnt seem to work. If you look at the arp cache on the CSM-S module, you see that SSL Proxy vlan is not in correct VLAN,it hence no communication flow between the CSM and the SSL daughter card.

can anyone help ?

2 REPLIES
Hall of Fame Super Blue

Re: CSM-S issue

Hi Nick

We use CSM-S modules in our data centres and we do exactly the same as you are trying ie.

we route to the SSL daughtercard and bridge to load-balanced servers.

Could you post your config and the version numbers of the CSM-S modules.

Jon

Community Member

Re: CSM-S issue

hi Jon ,

i have the same issue. i have pasted my config below..pls validate.

HTTP traffic for 10.6.100.232 on port 80 for server Only

HTTPS traffic for 10.6.100.232 on port 443 for server Only

*****MSFC config *****

!

Vlan 801

description CSM-S_ADMIN_VLAN

ip address 10.6.78.2 255.255.255.240

standby 1 priority 100 preempt

standby 1 ip 10.6.78.1

!

!

Vlan 32

description SSL Offload TRAFFIC_VLAN

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

CSM-S service module configuration

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Current configuration : 866 bytes

module ContentSwitchingModule 5

ft group 250 vlan 996

priority 20

heartbeat-time 5

failover 4

preempt

!

vlan 10 client

ip address 10.6.100.3 255.255.255.0

!

vlan 800 server

ip address 10.6.100.3 255.255.255.0

!

vlan 801 server

description CSM-S_ADMIN_VLAN

ip address 10.6.78.5 255.255.255.240

!

vlan 32 server

description SSL_Offload TRAFFIC_VLAN

ip address 10.6.32.5 255.255.255.128

alias 10.6.32.1 255.255.255.128

!

serverfarm NEW_y

nat server

no nat client

failaction reassign

real 10.6.100.233 80

inservice

real 10.6.100.234 80

inservice

!

vserver NEW_y

virtual 10.6.100.235 tcp www

serverfarm NEW_y

replicate csrp connection

persistent rebalance

inservice

!

serverfarm WEBSSL

nat server

no nat client

real 10.6.32.7 local

inservice

!

vserver VSSL

virtual 10.6.100.232 tcp https

serverfarm WEBSSL

persistent rebalance

inservice

!

end

@@@@@@@@

SSL Daughter card config

######################

ip domain name reiko.com

!

ip ssh rsa keypair-name ssh-key

!

!

ssl-proxy service sslterm

virtual ipaddr 10.6.32.7 255.255.255.128 protocol tcp port 443 secondary

server ipaddr 10.6.100.232 protocol tcp port 80

certificate rsa general-purpose trustpoint cc.reiko.com

inservice

ssl-proxy vlan 801

ipaddr 10.6.78.9 255.255.255.240

gateway 10.6.78.1

admin

ssl-proxy vlan 32

ipaddr 10.6.32.3 255.255.255.128

gateway 10.6.32.1

route 10.6.100.0 gateway 10.6.100.1

its is also not accepting the route command by saying that the next-hop is not directly attached.

TiA

198
Views
0
Helpful
2
Replies
CreatePlease to create content