Cisco Cisco Content Switching Module 技術マニュアル
Configuring CSM to Load Balance SSL to a Farm
of SCAs for One−Armed Proxy Mode
of SCAs for One−Armed Proxy Mode
Document ID: 26341
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Configure
Network Diagram
Configurations
Verify
Troubleshoot
Related Information
Prerequisites
Requirements
Components Used
Conventions
Configure
Network Diagram
Configurations
Verify
Troubleshoot
Related Information
Introduction
This document provides a sample configuration for the Content Switching Module (CSM) load balance of
Secure Socket Layer (SSL) traffic to a farm of Secure Content Accelerators (SCAs). The configuration is for
SCAs in nontransparent proxy mode with connection in one−port mode.
Secure Socket Layer (SSL) traffic to a farm of Secure Content Accelerators (SCAs). The configuration is for
SCAs in nontransparent proxy mode with connection in one−port mode.
In nontransparent mode, the SCA uses the SCA IP address as the source for plain−text connections to the web
servers.
servers.
Note: Use two different VLANs/IP subnetworks for the SCAs and the web servers; one subnetwork is for all
SCAs, and a separate subnetwork is for all web servers. If you place both farms in the same Layer 2 (L2)
domain, source Network Address Translation (NAT) is necessary. Source NAT guarantees that packets return
to the CSM and that the Catalyst hardware does not simply L2 switch the packets.
SCAs, and a separate subnetwork is for all web servers. If you place both farms in the same Layer 2 (L2)
domain, source Network Address Translation (NAT) is necessary. Source NAT guarantees that packets return
to the CSM and that the Catalyst hardware does not simply L2 switch the packets.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these VLANs/subnetworks:
Client side: Virtual IPs (VIPs) and upstream router (Multilayer Switch Feature Card [MSFC])
•
Catalyst 6500/6000 with CSM in Slot 5
•
Server side 1: web servers
•
Server side 2: SCAs
•
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.