Cisco CSS 11150 configuration

Posted on 2005-03-29
Medium Priority
Last Modified: 2008-01-09

We use a CISCO CSS 11150 for load balancing 2 machines.

Currently I don't have SSL setup on the machines. To attempt to get this working, I purchased a seperate SSL certificate for each server (because my CSS doesn't have an SSL card in it and does not support one), installed the certificates (they are working fine) on their own seperate IP address for each server using port 443.

Here is the existing CSS script:

"Service" entries eg.

service machine-1
  ip address xxx.xxx.xxx.xx1
  keepalive type http
  keepalive uri "/file.htm"

service machine-1
  ip address xxx.xxx.xxx.xx2
  keepalive type http
  keepalive uri "/file.htm"

and then "Owner" entries eg.

content machines-https
  add service machine-1
  add service machine-2
  protocol tcp
  port 443
  vip address xxx.xxx.xxx.xxx
  advanced-balanc sticky-srcip
  application ssl

Currently (using the CSS configuration script above) whenever I try to load a https page the page just IE just sits ie. does not display any error, it just never finds the page and has a blank screen. Same with FireFox. Therefore I think it is my CSS configuration script.

Is this script incorrect? Should this work?

Thanks in advance.
Question by:rot299
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

CajunBill earned 1000 total points
ID: 13658835
In the first part of your script you have repeated the name "service machine-1" where you probably meant to put "service machine-2" in the second service entry. Is that the way it is in the real configuration?

Is it correct to put the network diagram this way:

x.x.x.1       |------|           |Cisco |------------------[IEclient-machine]
httpserver2|        |         vvv.vvv.vvv.vvv
x.x.x.2       |------|

And that on the IE client machine, you enter "https://vvv.vvv.vvv.vvv/mypage"?

Expert Comment

ID: 14185653
I can understand your feelings if the answer was trivial, but that does not mean a grade of C is appropriate.

If my answer did not solve the problem, then I'd rather have NO points.
If it did solve the problem, what's with the grade of "C"?

I wish EE had some kind of arbitration mechanism to address this type of issue.

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question