Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Cisco CSS 11150 configuration

Posted on 2005-03-29
Medium Priority
Last Modified: 2008-01-09

We use a CISCO CSS 11150 for load balancing 2 machines.

Currently I don't have SSL setup on the machines. To attempt to get this working, I purchased a seperate SSL certificate for each server (because my CSS doesn't have an SSL card in it and does not support one), installed the certificates (they are working fine) on their own seperate IP address for each server using port 443.

Here is the existing CSS script:

"Service" entries eg.

service machine-1
  ip address xxx.xxx.xxx.xx1
  keepalive type http
  keepalive uri "/file.htm"

service machine-1
  ip address xxx.xxx.xxx.xx2
  keepalive type http
  keepalive uri "/file.htm"

and then "Owner" entries eg.

content machines-https
  add service machine-1
  add service machine-2
  protocol tcp
  port 443
  vip address xxx.xxx.xxx.xxx
  advanced-balanc sticky-srcip
  application ssl

Currently (using the CSS configuration script above) whenever I try to load a https page the page just IE just sits ie. does not display any error, it just never finds the page and has a blank screen. Same with FireFox. Therefore I think it is my CSS configuration script.

Is this script incorrect? Should this work?

Thanks in advance.
Question by:rot299
  • 2

Accepted Solution

CajunBill earned 1000 total points
ID: 13658835
In the first part of your script you have repeated the name "service machine-1" where you probably meant to put "service machine-2" in the second service entry. Is that the way it is in the real configuration?

Is it correct to put the network diagram this way:

x.x.x.1       |------|           |Cisco |------------------[IEclient-machine]
httpserver2|        |         vvv.vvv.vvv.vvv
x.x.x.2       |------|

And that on the IE client machine, you enter "https://vvv.vvv.vvv.vvv/mypage"?

Expert Comment

ID: 14185653
I can understand your feelings if the answer was trivial, but that does not mean a grade of C is appropriate.

If my answer did not solve the problem, then I'd rather have NO points.
If it did solve the problem, what's with the grade of "C"?

I wish EE had some kind of arbitration mechanism to address this type of issue.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question