can you help clarify my understanding on how to configure SSL Acceleration..... I have do essentially do 3 things...
1st, enable the SSL Accelerator under Accelerator Optimization (at both data centre and branch office WAAS Devices), but this will do nothing on it's own.
Secondly, on the Data Centre WAAS, under SSL Accelerated Services, I have to create a service, that is 'bound' to the host/server that is providing SSL Services (ie any web host that uses https to). This will allow the WAAS to proxy the certificates that would normally flow between client and host.
Then, I need to repeat the above step for all SSL servers.
Finally, I need to ensure that Secure Storage is configured, so that when the WAAS decrypted the SSL packets, it will not be vunerable to allowing unauthorised viewing of that info. This is acheived simply by clicking 'initialize secure store' under Configure > Security > Secure Store
Cisco WAAS has an option to create self-signed certificates and private keys/ Generate certificate signing request (Our own CA) or this can imported from existing certificate and key if we have them.
When a connection is requested, the WAN optimization device in the data center splits the original SSL connection from the client to the SSL server into two SSL connections. To the client the connection appears as the SSL server, and to the SSL server it appears as the SSL client. To act as the SSL server, the data center WAN optimization device needs an authentication certificate for each SSL service it is optimizing. When the WAN optimization device intercepts a connection request from a client, it uses the SSL server IP address/domain name to associate the certificate with the client.
You can refer below link for configuring the SSL and moreover you can view the white paper for example
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...