In our infrastructure we are using an ASA 5520 firewall. We have static NAT setup to convert externally facing IPs to internal IPs that correspond with the VIPs on our loadbalancer. We have the following 3 VIPs setup:
All three of these VIPs loadbalance the same serverfarm.
For example.com, we need to maintain both the standard SSL and Client Authenticated SSL. However, for the client authenticated SSL we know the source IPs that are authorized access to that site. example.com (non-client auth) and another-example.com are open to the public.
So we are using 3 external IPs to reach the same server farm. I would love to get down to using only one or two....but I don't see how I can do it.
The way I understand it, the SSL proxy is assigned to a Virtual Server. Since all three of these site require a different SSL proxy (2 due to using different certs, the other one is for the client auth) I think I'm stuck. I think the best case is that I can have the folks using the client auth site connect on a different port and setup a virtual server on that port.
What I would love to use is some sort of name based load balancing so that www.example.com would use one SSL proxy and www.another-example.com would use a different SSL proxy. I've read up on Layer 7 class-maps and the like but I can't see how it will work since the SSL proxy is assigned at the Layer 3/4 level.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...