Cisco Content Switching Module with SSL Release Notes

Release Notes for Catalyst 6500 Series Switch Content Switching Module with SSL Software Release 2.1(14)
OL-7028-14
New and Changed Information
CSCsv78324
A new environmental variable CLIENT_NAT_NO_PAT is introduced to allow the disabling of port 
address translation (PAT) when client network address translation (NAT) is enabled. A new counter 
is added in the dump of LB Statistics to indicate that PAT was necessary due to a port collision. 
In normal client NAT operation, a client packet’s source IP address is translated (NAT) and the 
source port number is translated (PAT). When the environmental variable CLIENT_NAT_NO_PAT 
is set, the CSM retains the original source port number when possible. If the original source port 
number is already in use by another connection, the CSM-S must perform PAT to avoid port 
collision. 
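A simplified model of the translation behaviour described above, added here as an example and not Cisco code. It assumes collisions are keyed on the NAT address and source port only, and that the PAT fallback takes the lowest free port from a constructed pool; the class, field and function names are hypothetical.

```python
# Added illustration: a simplified model of client NAT with and without PAT.
# Assumptions (not from the release notes): collisions are keyed on
# (NAT address, source port) only, and the PAT fallback takes the lowest
# free port in a constructed pool range.
from dataclasses import dataclass, field


@dataclass
class ClientNat:
    nat_ip: str
    no_pat: bool = False                # models CLIENT_NAT_NO_PAT being set
    pool: range = range(1024, 65536)    # hypothetical PAT port pool
    in_use: dict = field(default_factory=dict)  # port -> (client ip, port)
    pat_on_collision: int = 0           # models the new LB Statistics counter

    def _next_free(self):
        for port in self.pool:
            if port not in self.in_use:
                return port
        raise RuntimeError("PAT pool exhausted")

    def translate(self, client_ip, client_port):
        """Return the (source IP, source port) the server would see."""
        if self.no_pat and client_port not in self.in_use:
            port = client_port          # original source port retained
        else:
            if self.no_pat:
                self.pat_on_collision += 1  # PAT forced by a port collision
            port = self._next_free()
        self.in_use[port] = (client_ip, client_port)
        return self.nat_ip, port

    def release(self, port):
        """Free a translated port when its connection closes."""
        self.in_use.pop(port, None)


def demo():
    # Constructed sample flows: two clients reuse source port 40000.
    flows = [("10.0.0.5", 40000), ("10.0.0.6", 40000), ("10.0.0.7", 40001)]
    nat = ClientNat("192.0.2.10", no_pat=True)
    mapped = [nat.translate(ip, port) for ip, port in flows]
    return mapped, nat.pat_on_collision
```

In this model the counter increases only when the variable is set and the original port is already taken, which is the case the new LB Statistics counter is described as reporting.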
Table 5 CSM-S Feature Set Description (continued)
Features
Certificate expiration warning
TCP Termination
RFC 1323
Connection aging
Connection rate
NAT¹/PAT²
Client and server
Redundancy
No SSL access in standby state
For redundancy, use either two CSMs or two CSM-S, not a mix of CSM and CSM-S, for supported redundancy configuration
High Availability
Failure detection (SLB health monitoring schemes)
Module-level redundancy (stateless)
Serviceability
Password recovery
Statistics and Accounting
Total SSL connection attempts per proxy service
Total SSL connections successfully established per proxy service
Total SSL connections failed per proxy service
Total SSL alert errors per proxy service
Total SSL resumed sessions per proxy service
Total encrypted/decrypted packets/bytes per proxy service
Statistics displayed at 1 second, 1 minute, and 5 minutes traffic rate for CPU utilization and SSL-specific counters
1. NAT = Network Address Translation
2. PAT = Port Address Translation