Document ID: 18658
Cisco has announced the end-of-sale for the Cisco LocalDirector. For more information, refer to the LocalDirector 400 Series End-of-Life and End-of-Sale Notices and Product Bulletins.
Introduction
This document provides a sample configuration for the Cisco LocalDirector and the Cisco Secure Content Accelerator (SCA) 11000 in one-armed proxy mode. One-armed proxy mode allows the SCA to terminate all Secure Sockets Layer (SSL) sessions and initiate clear text requests to the web server. This is beneficial for these reasons:
- Offloading SSL sessions helps to reduce the work that the web servers are doing.
- By allowing the SCA to initiate a clear text connection to the web servers, load balancers can more evenly distribute the load and maintain persistence to the back-end web server. This limits the possibility that a client loses their shopping cart during a session.
Before You Begin
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
Prerequisites
There are no specific prerequisites for this document.
Components Used
The information in this document is based on the LocalDirector 430 running 4.2.3 and an SCA 11000 running 3.0.5.
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).
Network Diagram
This document uses the network setup shown in the diagram below.
Configurations
This document uses these configurations:
- Local Director 430
- SCA 11000
| Local Director 430 |
|---|
Building configuration...
: Saved
: LocalDirector 430 Version 4.2.3
: Uptime is 0 weeks, 0 days, 1 hours, 3 minutes, 35 seconds
syslog output 20.3
no syslog console
enable password 000000000000000000000000000000 encrypted
hostname localdirector
no shutdown ethernet 0
no shutdown ethernet 1
no shutdown ethernet 2
no shutdown ethernet 3
interface ethernet 0 auto
interface ethernet 1 auto
interface ethernet 2 auto
interface ethernet 3 auto
mtu 0 1500
mtu 1 1500
mtu 2 1500
mtu 3 1500
multiring all
no secure 0
no secure 1
no secure 2
no secure 3
no ping-allow 0
no ping-allow 1
no ping-allow 2
no ping-allow 3
ip address 172.16.1.213 255.255.255.192
route 0.0.0.0 0.0.0.0 172.16.1.193 1
arp timeout 30
no rip passive
rip version 1
failover ip address 0.0.0.0
no failover
failover hellotime 30
password dfeaf10390e560aea745ccba53e044ed encrypted
snmp-server enable traps
snmp-server community public
no snmp-server contact
no snmp-server location
virtual 172.16.1.195:443:0:tcp is
!--- Virtual for the secure connection from the client
!--- to the SCA.
virtual 172.16.1.195:81:0:tcp is
!--- Virtual for the clear text communication from the
!--- SCA to the backend web server.
virtual 172.16.1.195:80:0:tcp is
!--- Virtual for regular port 80 traffic to
!--- the web site (optional).
real 172.16.1.201:443:0:tcp is
!--- SCA.
real 172.16.1.25:80:0:tcp is
!--- Web server.
bind 172.16.1.195:443:0:tcp 172.16.1.201:443:0:tcp
!--- Binds the secure virtual to the SCA.
bind 172.16.1.195:81:0:tcp 172.16.1.25:80:0:tcp
!--- Binds the non-secure virtual to the web server.
bind 172.16.1.195:80:0:tcp 172.16.1.25:80:0:tcp
!--- Binds the regular port 80 virtual to
!--- the web server (optional).
: end
[OK]
|
| SCA 11000 |
|---|
SCA-1# sho run
#
# Cisco CSCA Device Configuration File
#
# Written: Sat Dec 15 07:24:13 2001
# Inxcfg: version 2.3 build 200108071342
# Device Type: CSS-SCA
# Device Id: S/N 118032
# Device OS: MaxOS version 2.5.1 build 200108071341 by Dan L. Reading
### Device ###
mode one-port
!--- Allows one-armed configuration.
ip address 172.16.1.201 netmask 255.255.255.192
hostname SCA-1
password enable "243124676824697552563169414659636C7644757033644E514B632E"
no ip domain-name
no rdate-server
timezone ""
rip
ip route 0.0.0.0 0.0.0.0 172.16.1.193 metric 1
### Interfaces ###
interface network
auto
end
interface server
auto
end
### Remote Management ###
no remote-management access-list
remote-management enable
### SNMP Subsystem ###
no snmp
telnet enable
no telnet access-list
web-mgmt enable
no web-mgmt access-list
### SSL Subsystem ###
ssl
server chiptest1 create
ip address 172.16.1.195
sslport 443
!--- Secure connection port.
remoteport 81
!--- Non-secure connection port.
key default
cert default
secpolicy default
cachesize 20
no transparent
!--- Enables proxy or non-transparent behavior.
end
end
|
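The following is an added example, not part of the original Cisco document: a small Python audit that parses an SCA configuration in the format shown above and reports which management services are enabled without an access list and where each SSL server hands decrypted traffic to a clear text port. The names `parse_sca` and `audit` are hypothetical, the embedded text is a constructed excerpt of the configuration above, and `no <service> access-list` is assumed to mean that no access list restricts that service.

```python
import re

# Added example (helper names are hypothetical); SAMPLE is a constructed excerpt.
SAMPLE = """\
no remote-management access-list
remote-management enable
telnet enable
no telnet access-list
web-mgmt enable
no web-mgmt access-list
ssl
server chiptest1 create
ip address 172.16.1.195
sslport 443
!--- Secure connection port.
remoteport 81
no transparent
end
end
"""
MGMT = ("remote-management", "telnet", "web-mgmt")

def parse_sca(text):
    """Return (set of top-level commands, list of SSL server blocks)."""
    top, servers, cur = set(), [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#!":       # skip banners and !--- comments
            continue
        m = re.fullmatch(r"server (\S+) create", line)
        if m:
            servers.append(cur := {"name": m.group(1)})
        elif line == "end":
            cur = None
        elif cur is not None:                 # option inside a server block
            key, _, val = line.rpartition(" ")
            cur[key] = val
        else:
            top.add(line)
    return top, servers

def audit(text):
    """Flag management services left open and each TLS-to-clear-text hop."""
    top, servers = parse_sca(text)
    # Assumption: `no <svc> access-list` means no access list restricts <svc>.
    out = [f"{s}: enabled, no access list" for s in MGMT
           if f"{s} enable" in top and f"no {s} access-list" in top]
    for v in servers:
        out.append(f"{v['name']}: TLS {v.get('ip address')}:{v.get('sslport')}"
                   f" -> clear text port {v.get('remoteport')}")
    return out
```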
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
- Downloads - Content Networking (registered customers only)
- Content Networking Devices Hardware Support
- Technical Support - Cisco Systems
Updated: Jan 30, 2006