Managing Proxy Services
CVDM-SSLSM allows you to view, configure, and edit proxy services. The Proxy Service Wizards help you set up proxy services.
This chapter contains the following topics:
• Proxy Service Wizards
• Viewing Proxy Services
• Viewing Proxy Services Details
• Troubleshooting Proxy Services
• NAT Pools
You can configure the virtual IP address and port associated with the proxy service, and the associated target server IP address and port. You can define TCP and SSL policies for both client (virtual) and server sides of the proxy.
You can configure SSL client proxy services to specify that the proxy service accepts clear text traffic, encrypts the traffic into SSL traffic, and forwards the traffic to the backend SSL server.
While you are required to configure a certificate for the SSL server proxy, you are not required to configure a certificate for SSL client proxy. If you configure the certificate for the SSL client proxy, that certificate is sent in response to the Certificate Request message that is sent by the server during the client authentication phase of the handshake protocol.
Proxy Service Wizards
CVDM-SSLSM supports the following proxy service wizards. You can use the Basic Proxy Service wizard to configure a proxy service and assign a certificate. The Advanced Proxy Service wizard helps you configure the proxy service, assign a certificate and policies, and configure peer certificate authentication.
• Basic Proxy Service Wizard
• Advanced Proxy Service Wizard
Figure 7-1 Proxy Service Wizards
Basic Proxy Service Wizard
The Basic Proxy Service wizard helps you set up a server proxy service or a client proxy/backend encryption service.
To launch the basic proxy service wizard:
Step 1 Click Setup in the task bar.
Step 2 Click Wizards in the left-most pane. The Wizards page appears.
Step 3 Click the Proxy Services Wizard tab. The Proxy Services Wizard page appears.
Step 4 Select Basic Proxy Service Configuration, then click Launch the Selected Task. The Welcome page for the basic proxy service wizard appears.
Step 5 The Welcome page describes the steps to follow for creating a proxy service. Click Next to continue.
To create a proxy service:
Step 1 Define the proxy service name and type. For more information on defining the name and type, see Defining Proxy Service Name and Type.
Step 2 Configure the client side (virtual) parameters and server parameters. For more information on configuring the client side (virtual) parameters and the server parameters, see Configuring Client Side (Virtual) and Server Parameters.
Step 3 Assign a certificate to the proxy service (optional for client proxy service). For more information on assigning certificates to a proxy service, see Assigning Certificate to Proxy Services.
Defining Proxy Service Name and Type
This page of the basic proxy service setup wizard helps you define the name and type of the proxy service.
The following fields appear:
Field | Description
Proxy Service Name | Enter a name for your proxy service.
Admin Status | Select the admin status of the proxy service. Values are: Up, Down.
Service Type
Server Proxy | Select this option if you want to create a server proxy service. Server proxy service accepts clear text traffic, encrypts the traffic into SSL traffic, and forwards it to the backend SSL Server.
Client Proxy / Backend Encryption | Select this option if you want to create a client proxy service. Client server proxy service accepts SSL traffic, decrypts the traffic into clear text, and forwards it to the backend server or virtual server.
Click < Back to read the welcome page.
Click Next > to move to step 2 of the task.
Configuring Client Side (Virtual) and Server Parameters
This page of the basic proxy setup wizard helps you in configuring the client side parameters and server parameters. You can configure NAT and also enable SSL Version 2.0 connections to be forwarded to a server using this page.
The following fields appear:
Field | Description
Client Side (Virtual)
Virtual IP Address | Enter the virtual IP address.
Secondary | Select the checkbox if you want to use the IP address as a secondary IP address.
Virtual IP Mask | Select any one of the following netmasks: 0.0.0.0, 255.0.0.0, 255.255.0.0, 255.255.255.0.
Wildcard Virtual IP Address | Select the checkbox to configure a wildcard virtual IP address.
Port (1-65535) | Enter the number of the port to be used for proxy service traffic.
Server
Server IP Address | Enter the server IP address.
Port (1-65535) | Enter the number of the port to be used for the traffic.
NAT
Server NAT | Select the checkbox if you want to use a Server NAT.
Client NAT | Select the checkbox if you want to use a Server NAT.
Client NAT Pool | Select any of the following options: Create and assign a new NAT Pool; Select an existing NAT Pool; Clear the NAT pool.
Forward SSL version 2.0 Connections | Select the checkbox if you want to forward SSL version 2.0 connections to an SSLv2 server.
Server IP Address | The IP address of the server to be used for SSL version 2.0.
Port (1-65535) | The port to be used for the traffic.
Click < Back to move back to Step 1 of the basic setup wizard.
Click Next > to move to step 3 of the basic setup wizard.
Assigning Certificate to Proxy Services
This page of the Basic Proxy Service setup wizard helps you assign a certificate to the proxy service.
The following fields are displayed:
Field | Description
Certificate
Certificate Trustpoint | Select one of the following options: Select an existing Trustpoint; Clear the Trustpoint.
Status | Displays the status of the certificate.
Selecting Available Certificate Trustpoints
The available certificate Trustpoints dialog box provides information on the certificate Trustpoints available for the proxy services.
The following fields appear:
Field | Description
Trustpoint | The name of the Trustpoint.
Certificate Authority (CA) | The certification authority details of the certificate Trustpoint.
Subject | The subject of the certificate Trustpoint.
Select a Trustpoint, then click OK to select an existing certificate Trustpoint.
Viewing Proxy Service Setup Summary
From this window you can view a summary of the configured settings. You can review the configuration information.
Click < Back to move to the previous page of the wizard.
Click Finish to complete the setting up of proxy service.
Advanced Proxy Service Wizard
The Advanced Proxy Service wizard helps you set up a server proxy service or a client proxy/backend encryption service, and allows you to configure certificate authentication. The wizard also helps you set up policies for client (virtual) side and server connections.
To launch the advanced proxy service wizard:
Step 1 Click Setup in the task bar.
Step 2 Click Wizards in the left-most pane. The Wizards page appears.
Step 3 Click the Proxy Services Wizard tab. The Proxy Services Wizard page appears.
Step 4 Select Advanced Proxy Service Configuration, then click Launch the Selected Task. The Welcome page of the basic proxy service wizard appears.
Step 5 The Welcome page describes the steps to follow for creating a proxy service. Click Next to continue.
To create a proxy service:
Step 1 Define Proxy Service Name and Type.
Step 2 Configure Client Side (Virtual) and Server Parameters.
Step 3 (Optional for client proxy service) Assign Certificate to Proxy Service.
Step 4 (Optional) Assign policies to proxy service.
Defining Proxy Service Name and Type
This page of the Advanced Proxy Service setup wizard helps you in defining proxy service name and type.
The following fields appear:
Field | Description
Proxy Service Name | Enter a name for your proxy service.
Admin Status | Select the admin status of the proxy service. Values are: Up, Down.
Service Type
Server Proxy | Select this option if you want to create a server proxy service. Server proxy service accepts clear text traffic, encrypts the traffic into SSL traffic, and forwards it to the backend SSL Server.
Client Proxy / Backend Encryption | Select this option if you want to create a client proxy service. Client server proxy service accepts SSL traffic, decrypts the traffic into clear text, and forwards it to the backend server or virtual server.
Configuring Client Side (Virtual) and Server Parameters
This page of the advanced proxy setup wizard helps you in configuring the client side parameters and server parameters. You can configure NAT using this page and also enable SSL Version 2.0 connections to be forwarded to a server.
The following fields appear:
Field | Description
Client Side (Virtual)
Virtual IP Address | Enter the virtual IP address.
Secondary | Select the checkbox if you want to make the server secondary.
Virtual Netmask | Select any one of the following netmasks: 0.0.0.0, 255.0.0.0, 255.255.0.0, 255.255.255.0.
Wildcard Virtual IP Address | Select this checkbox to configure a wildcard virtual IP address.
Port (1-65535) | Enter the number of the port to be used for proxy service traffic.
Server
Server IP Address | Enter the server IP address.
Port (1-65535) | Enter the number of the port to be used for the traffic.
NAT
Server NAT | Select the checkbox if you want to use a server NAT.
Client NAT Pool | Click and select any of the following options: Create and assign a new NAT Pool; Select an existing NAT Pool; Clear the NAT pool.
Click < Back to move back to Step 1 of the basic setup wizard.
Click Next > to move to step 3 of the basic setup wizard.
Assigning Certificate to Proxy Service
This page of the advanced proxy setup wizard helps you in assigning a certificate to the proxy service.
The following fields appear:
Field | Description
Certificate
Certificate Trustpoint | Click and select one of the following options: Select an existing Trustpoint; Clear the Trustpoint.
Status | Displays the status of the certificate.
Peer Certificate Authentication
Certificate Authentication | Enable or disable the certificate authentication.
Trusted CA Pool | The name of the trusted CA Pool.
Assigning Policies to Proxy Services
This page of the wizard helps you to assign policies to virtual and server proxy services.
The following fields appear:
Field | Description
Client Side (Virtual) TCP Policy | Select a client side TCP policy.
Client Side (Virtual) SSL Policy | Select a client side SSL policy.
Server TCP Policy | Select a server TCP policy.
Server SSL Policy | Select a server SSL policy.
URL Rewrite Policy | Select a URL rewrite policy.
HTTP Header Insertion Policy | Select an HTTP header insertion policy.
The dialog box helps you to:
• Create and use a new policy.
• Select an existing policy. You can select a policy from the list of existing policies.
• Clear the policy.
Assigning TCP Policy to Proxy Services
This page of the wizard helps you to assign policies to virtual and server proxy services.
The following fields appear:
Field | Action/Description
Policy | The name of the TCP Policy.
Proxy Service Name | The name of the proxy service.
Client Side (Virtual) | The name of the client side server.
Selected Services | The list of selected services.
Side | Select one of the following: Both (the policy is assigned to both server and client); Client (the policy is assigned to client only); Server (the policy is assigned to server only).
To assign a policy:
Step 1 Select a proxy service name from the table, then click Add>>. The proxy service name is added to the list of selected services.
Step 2 Select the side to which the policy has to be assigned.
Step 3 Click OK.
Viewing Advanced Proxy Service Setup Summary
The summary page of the Advanced Proxy Service setup wizard provides the details of the proxy service you have configured.
Click < Back to move to step 3 of the wizard.
Click Finish to complete the setting up of proxy service.
Selecting Available NAT Pools
The Available NAT Pools dialog box provides information on the NAT Pools configured on the SSLSM.
Select a NAT Pool from the list, then click OK to select a NAT Pool.
The following fields appear:
Field | Description
Name | Name of the NAT pool.
Start IP Address | The first IP address in the NAT pool.
End IP Address | The last IP address in the NAT pool.
Netmask | The netmask used by the addresses in the NAT pool.
Selecting Available CA Pools
The Available CA Pools dialog box provides information on the CA Pools configured on the SSLSM.
Select a CA Pool from the list, then click OK to select a CA Pool.
The following fields appear:
Field | Description
Name | The name of the CA Pool.
Number of Trustpoints | The number of Trustpoints associated with each CA Pool.
Status | The status of the CA Pool.
Viewing Proxy Services
Figure 7-2 Proxy Services
To view proxy services:
Step 1 Click Setup from the task bar.
Step 2 Click Proxy Services. The proxy services page appears.
Step 3 Open the Proxy Services Group folder. Proxy services are grouped under two sub-group folders:
• Server Proxy Services
• Client Proxy Services
Step 4 Click any of the sub-group folders.
The following fields appear:
Field | Description
Proxy Services
Name | Name of the proxy service.
Type | The type of the proxy service.
Client Side | The IP address and port number of the client.
Server | The IP address and port number of the server.
Admin Status | The admin status of the service.
Oper Status | Indicates the operational status of the service. Separate icons indicate that the service is administratively down, operationally down, or up.
Certificate | Indicates the status of the certificate. Separate icons indicate that the certificate is valid; that the certificate is invalid; that the certificate is valid only for less than 10 days; that the certificate is valid only for less than 20 days; that the certificate is valid only for less than 30 days; that the certificate chain is complete; and that the certificate chain is incomplete.
Select any proxy service from the table. The following information appears for the selected service:
Proxy Service Status Details
Field | Description
Proxy Service | Name of the proxy service.
General
Service Type | The type of the service provided by the proxy. For example: Server Proxy
Client Side | The IP address and port number of the client.
Server | The IP address and port number of the server.
Operation Status | Indicates the operational status of the service.
Client NAT | Indicates whether the client NAT is enabled.
Server NAT | Indicates whether the server NAT is enabled.
Server/Client Certificate Authentication | Indicates whether the peer certificate authentication is enabled.
Certificate
Trustpoint | Name of the certificate Trustpoint associated with the proxy service.
Subject Name | The subject name of the associated certificate.
CA Name | The issuer name of the associated certificate.
Key Pair | The key pair name and key size, and whether the key pair is exportable.
Certificate Status | Indicates the validity of the certificate.
Certificate Chain | Indicates the status of the certificate chain.
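The Certificate column and the Certificate Status and Certificate Chain fields above can be reproduced offline for monitoring. The following Python code is an added example, not CVDM-SSLSM's own logic: the record layout and function names are hypothetical, certificates outside their validity window are assumed to be the "invalid" case, and the chain is followed by subject and issuer names only.

```python
from datetime import datetime, timedelta, timezone

# Warning thresholds in days, from the Certificate status list above.
EXPIRY_THRESHOLDS = (10, 20, 30)


def expiry_status(cert, now):
    """Map a certificate's validity window onto the statuses listed above."""
    if now < cert["not_before"] or now >= cert["not_after"]:
        return "invalid"  # assumption: outside the validity window
    remaining = cert["not_after"] - now
    for days in EXPIRY_THRESHOLDS:  # tightest threshold first
        if remaining < timedelta(days=days):
            return f"valid for less than {days} days"
    return "valid"


def chain_status(leaf, ca_certs):
    """Follow issuer names from the leaf until a self-signed root is reached.

    Name matching only; a real validator also verifies each signature.
    """
    by_subject = {c["subject"]: c for c in ca_certs}
    cert, seen = leaf, set()
    while cert["subject"] not in seen:
        if cert["issuer"] == cert["subject"]:
            return "complete"        # reached a self-signed root
        seen.add(cert["subject"])
        cert = by_subject.get(cert["issuer"])
        if cert is None:
            return "incomplete"      # issuer certificate is missing
    return "incomplete"              # issuer loop, no root reached


def report(leaf, ca_certs, now):
    """Status pair as shown for one proxy service."""
    return {"certificate": expiry_status(leaf, now),
            "chain": chain_status(leaf, ca_certs)}


# Constructed sample data. The leaf expiry reuses the page's example value,
# "Tue Nov 02 04:22:11 GMT+05:30 2004"; all names and other dates are made up.
UTC = timezone.utc
LEAF = {
    "subject": "CN=www.example.com",
    "issuer": "CN=Example Issuing CA",
    "not_before": datetime(2003, 11, 2, tzinfo=UTC),
    "not_after": datetime(2004, 11, 2, 4, 22, 11,
                          tzinfo=timezone(timedelta(hours=5, minutes=30))),
}
CA_CERTS = [
    {"subject": "CN=Example Issuing CA", "issuer": "CN=Example Root CA",
     "not_before": datetime(2000, 1, 1, tzinfo=UTC),
     "not_after": datetime(2010, 1, 1, tzinfo=UTC)},
    {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA",
     "not_before": datetime(2000, 1, 1, tzinfo=UTC),
     "not_after": datetime(2020, 1, 1, tzinfo=UTC)},
]

if __name__ == "__main__":
    now = datetime(2004, 10, 15, tzinfo=UTC)
    print(report(LEAF, CA_CERTS, now))
    print(report(LEAF, CA_CERTS[:1], now))  # root missing from the pool
```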
Viewing Proxy Services Details
Figure 7-3 Proxy Service Details
To view the configured proxy services:
Step 1 Click Setup from the task bar.
Step 2 Click Proxy Services. The proxy services page appears.
Step 3 Open the Proxy Services Group folder. Proxy services are grouped under two sub-group folders:
• Server Proxy
• Client Proxy
Step 4 Open any of the sub-group folders, then click any object in the folder.
You can also view the details by clicking the proxy service hyperlink in the proxy service status details panel.
The following fields appear:
Field | Description
Configuration
Proxy Service Name | Name of the proxy service.
Admin Status | The administrative status of the proxy service.
Service Type | The type of service handled by the proxy service.
Operation Status | The operation status of the proxy service.
Client Side (Virtual)
Virtual IP Address | The client side IP address of the proxy service.
Virtual IP Mask | The client side mask used by the proxy service.
Port | The TCP port used by the client side proxy service.
Server
IP Address | The server IP address used by the proxy service.
Port | The TCP port used by the server side proxy service.
NAT
Server NAT | Indicates whether the server NAT is enabled.
Client NAT | Indicates whether the client NAT is enabled.
Client NAT Pool | The client NAT Pool used by the proxy service.
SSLV2 Server
IP Address | The IP address of the SSLV2 server used by the service.
Port | The port used by the SSLv2 server.
Certificate
Certificate Trustpoint | The name of the certificate Trustpoint associated with the service.
Trusted CA Pool | The name of the trusted CA pool used by the service.
Server/Client Certificate Authentication | Indicates whether a peer certificate authentication is being used.
Policy
Client Side (Virtual) TCP Policy | The virtual TCP policy used by the service.
Client Side (Virtual) SSL Policy | The virtual SSL policy used by the service.
Server TCP Policy | The server TCP Policy used by the service.
URL Rewrite Policy | The URL rewrite policy used by the service.
HTTP Header Insertion Policy | The HTTP header insertion policy used by the service.
Click Certificate Details Tab to view the Certificate details.
Field | Description
Certificate Status | The status of the certificate used by the selected service. Example: Valid until Tue Nov 02 04:22:11 GMT+05:30 2004
Trusted CA Certificates
CA Name | The name of the CA associated with the service.
Certificate Status | The status of the certificate.
Associated Trustpoint | Trustpoints associated with the certificate.
Click Certificate Chain Tab to view the Certificate chain.
Figure 7-4 Proxy Service - Certificate Chain
Field | Description
Status | The status of the certificate chain. Example: Certificate chain is complete.
Certificate Details
Certificate | Displays the time until which the certificate is valid and the certificate. Example: Valid until Tue Nov 02 04:22:11 GMT+05:30 2004
Associated Trustpoints | This field appears only if the certificate has an associated Trustpoint.
Click Policy Details Tab to view the Certificate chain.
Field | Description
Policies | The list of applicable policies: Client Side (Virtual) SSL policy; Client Side (Virtual) TCP policy; Server TCP Policy; URL Rewrite Policy; HTTP Header Insertion policy. Select any of the policies to view the details.
Policy Details | The content in the policy details area changes according to the policies you select.
Editing Proxy Service Configuration
Step 1 Click Setup from the task bar.
Step 2 Click Proxy Services. The proxy services page appears.
Step 3 Open the Proxy Services Group folder. Proxy services are grouped under two sub-group folders:
• Server Proxy Services
• Client Proxy Services
Step 4 Open any of the sub-group folders, then click any object in the folder. The proxy service details page appears.
Step 5 Click Edit....
The following information appears:
Field | Action/Description
Proxy Service Name | Name of the proxy service you are editing.
Admin Status | Select the admin status for the service.
Client Side (Virtual)
Virtual IP Address | Enter the virtual IP address for the service.
Secondary | Select the checkbox if you need to make the virtual IP address a secondary IP address. Secondary is required if the IP address is not on a directly connected network.
Virtual IP Mask | Select the wildcard virtual IP address option to make this field active. Select the IP mask from the drop-down list.
Wildcard Virtual IP Address | Select this option to use a wildcard IP address.
Port (1-65535) | Enter the port number to be used by the service.
Server
IP Address | Enter the server IP address.
Port (1-65535) | Enter the port number used by the server.
SSLV2 Server
IP Address | Enter the IP address of the SSLV2 server.
Port (1-65535) | Enter the port number to be used by the server.
NAT
Server NAT | Select this option to use a server NAT.
Client NAT | Select this option to use a server NAT.
Client NAT Pool | Select one of the following: Create and use a new NAT Pool; Select an existing NAT Pool; Clear the NAT Pool.
To edit the certificate details of the service, click Certificate tab. The following fields appear:
Field | Action/Description
Certificate Trustpoint | Select any of the following options: Select an existing Trustpoint; Clear the Trustpoint.
Trusted CA Pool | Select any of the following options: Create and use a new CA Pool; Select an existing CA Pool; Clear the CA Pool.
Client/Server Certificate Authentication | Select any of the following options: Disabled; Verify Signature, Check CRL and Certificate ACL; Verify Signature Only.
To edit the policy details of the service, click Policy tab. The following fields appear:
Field | Action/Description
Client Side (Virtual) TCP Policy | Select any of the following: Create and use a new TCP Policy; Select an existing TCP Policy; Clear TCP Policy.
Client Side (Virtual) SSL Policy | Select any of the following: Create and use a new SSL Policy; Select an existing SSL Policy; Clear SSL Policy.
Server TCP Policy | Select any of the following: Create and use a new TCP Policy; Select an existing TCP Policy; Clear TCP Policy.
Server SSL Policy | Select any of the following: Create and use a new SSL Policy; Select an existing SSL Policy; Clear SSL Policy.
URL Rewrite Policy | Select any of the following: Create and use a new URL Rewrite Policy; Select an existing URL Rewrite Policy; Clear URL Rewrite Policy.
HTTP Header Insertion Policy | Select any of the following: Create and use a new HTTP Header Insertion Policy; Select an existing HTTP Header Insertion Policy; Clear HTTP Header Insertion Policy.
NAT Pools
CVDM-SSLSM allows you to create Network Address Translation (NAT) pools.
Figure 7-5 NAT Pools
This section describes the following topics:
• Viewing NAT Pools
• Adding NAT Pools
• Deleting NAT Pools
• Assigning NAT Pools to Proxy Services
Understanding NAT Pools
Client connections originate from the client and are terminated on the SSL Services Module. Server connections originate from the SSL Services Module.
You can configure client NAT, server NAT, or both, on the server connection.
Server NAT
If you configure server NAT, the server IP address is used as the destination IP address for the server connection. If the server NAT is not configured, the destination IP address for the server connection is the same as the virtual IP address for which SSL Services Module is a proxy.
Client NAT
If you configure client NAT, the server connection source IP address and port are derived from a NAT pool. If client NAT is not configured, the server connection source IP address and port are derived from the source IP address and source port of the client connection.
Allocate enough IP addresses to satisfy the total number of connections supported by the SSL Services Module (256,000 connections). Assuming you have 32,000 ports per IP address, configure 8 IP addresses in the NAT pool. If you try to configure fewer IP addresses than required by the total connections supported by the SSL Services Module, the command is rejected.
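The sizing rule above can be checked before a pool is entered in the Add New NAT Pool dialog. The following Python code is an added example, not part of CVDM-SSLSM: the function names are hypothetical, and the 256,000-connection and 32,000-ports-per-address figures are the ones quoted in the text.

```python
import ipaddress
import math

# Figures quoted in the text above.
MAX_CONNECTIONS = 256_000  # connections supported by the SSL Services Module
PORTS_PER_IP = 32_000      # ports assumed usable on each pool address


def required_addresses(connections=MAX_CONNECTIONS, ports_per_ip=PORTS_PER_IP):
    """Smallest number of pool addresses able to source `connections` flows."""
    return math.ceil(connections / ports_per_ip)


def check_nat_pool(start_ip, end_ip, netmask):
    """Return a list of problems with a NAT pool definition; empty means OK."""
    try:
        start = ipaddress.IPv4Address(start_ip)
        end = ipaddress.IPv4Address(end_ip)
        # strict=False lets a host address stand in for its network.
        network = ipaddress.IPv4Network(f"{start_ip}/{netmask}", strict=False)
    except ValueError as exc:  # malformed address or non-contiguous netmask
        return [f"invalid address or netmask: {exc}"]

    if end < start:
        return ["end IP address is lower than start IP address"]

    problems = []
    if end not in network:
        problems.append(
            f"{end} is not in {network}, the subnet of the start address")

    size = int(end) - int(start) + 1
    needed = required_addresses()
    if size < needed:
        problems.append(
            f"pool has {size} addresses ({size * PORTS_PER_IP} ports); "
            f"{needed} are needed for {MAX_CONNECTIONS} connections")
    return problems


if __name__ == "__main__":
    # Constructed sample pools: (start IP, end IP, netmask).
    samples = [
        ("10.1.0.1", "10.1.0.8", "255.255.255.0"),    # exactly 8 addresses
        ("10.1.0.1", "10.1.0.4", "255.255.255.0"),    # too small
        ("10.1.0.250", "10.1.1.5", "255.255.255.0"),  # crosses the subnet
    ]
    for pool in samples:
        print(pool, check_nat_pool(*pool) or "OK")
```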
Viewing NAT Pools
Step 1 Click Setup in the task bar.
Step 2 Click Proxy Services in the left-most pane. The Proxy Services page appears.
Step 3 Click NAT Pools in the object selector.
The following information appears:
Field | Description
Name | The name of the NAT Pool.
Start IP Address | The first IP address used by the NAT Pool.
End IP Address | The last IP address used by the NAT Pool.
Netmask | The netmask used for the NAT pool. For example: 255.255.0.0
Use Count | Number of proxy services using the NAT pool.
Select a NAT Pool, then click Assign to Proxy Services to assign a NAT Pool to a proxy service.
Click Add... to add a new NAT Pool.
Select a NAT Pool, then click Delete to delete a NAT Pool.
Step 4 Select any NAT Pool from the table to display the configuration details.
Field | Description
General
Start IP Address | The first IP address in the NAT pool.
End IP Address | The last IP address in the NAT pool.
Netmask | The netmask used for the NAT pool. For example: 255.255.255.0
Associated VLAN | The VLAN associated with the NAT pool.
Use Count | The number of proxy services associated with the NAT Pool.
Associated Proxy Services
Name | The name of the associated proxy service.
Client Side | The IP address of the virtual server.
Server | The IP address of the server.
Adding NAT Pools
Step 1 Click Setup in the task bar.
Step 2 Click Proxy Services in the left-most pane. The Proxy Services page appears.
Step 3 Click NAT Pools in the object selector.
Step 4 Click Add.... The Add New NAT Pool dialog box appears.
Field | Description
NAT Pool Name | Enter a name for your new NAT Pool.
Start IP Address | Enter the first IP address to be used for the NAT Pool.
End IP Address | Enter the last IP address to be used for the NAT Pool.
Net Mask | The IP mask to be used by the NAT Pool.
Alternatively, you can add NAT Pools using the Wizards.
Deleting NAT Pools
Step 1 Click Setup in the task bar.
Step 2 Click Proxy Services in the left-most pane. The Proxy Services page appears.
Step 3 Click NAT Pools in the object selector.
Step 4 Select a NAT pool from the list, then click Delete.
Assigning NAT Pools to Proxy Services
Step 1 Click Setup in the task bar.
Step 2 Click Proxy Services in the left-most pane. The Proxy Services page appears.
Step 3 Click NAT Pools in the object selector.
Step 4 Select a NAT pool from the list, then click Assign to Proxy Services. The Assign NAT Pool to Proxy Services dialog box appears.
Field | Description
Pool Name | The name of the NAT Pool you have selected.
Proxy Service Name | The name of the proxy service. You can select any one of the services from the list.
Client Side (Virtual) | Virtual server associated with the proxy service.
Selected Proxy Services | The list of services to which you want to assign the NAT Pool.
Step 5 Select a Proxy Service Name, then click Add >> to add the policy to the selected service.
You can remove a proxy service from the list. Select a service from the list, then click << Remove.
You can clear all the services selected for assigning to a policy. Select a service from the list, then click Clear All.
Step 6 Click OK to assign the NAT pool to the selected proxy services.
Selecting Available CA Pools
The following information appears:
Field | Action/Description
Name | Name of the CA Pool.
Number of Trustpoints | Number of Trustpoints associated with the CA Pool.
Status | Indicates the status of the CA Pool.
Select a CA Pool from the table, then click OK.
Selecting Available NAT Pools
The following information appears:
Field | Action/Description
Pool Name | Name of the NAT pool.
Start IP Address | The start IP address of the pool.
End IP Address | The end IP address of the pool.
Netmask | The netmask and port used by the selected NAT pool.
Select a NAT Pool from the table, then click OK.
Selecting Available Certificate Trustpoints
The following information appears:
Field | Action/Description
Trustpoint | The name of the Trustpoint.
Certificate Authority (CA) | The certificate authority details in the certificate.
Subject | The subject in the certificate.
Select a Certificate Trustpoint from the table, then click OK.
How Do I...
This section describes how to achieve a task. The following question is answered:
• How Do I Setup a Proxy Service?
How Do I Setup a Proxy Service?
You can use Proxy Service Setup Wizards to create a proxy service.
The Basic Proxy Service wizard helps you set up a server proxy service or a client proxy/backend encryption service.
Step 1 Click Setup in the task bar.
Step 2 Click Wizards in the left-most pane. The Wizards page appears.
Step 3 Click the Proxy Services Wizard tab. The Proxy Services Wizard page appears.
Step 4 Select Basic Proxy Service Configuration, then click Launch the Selected Task. The Welcome page for the basic proxy service wizard appears. The Welcome page describes the steps to follow to complete the task.
Step 5 Click Next to continue.
Step 6 Define the proxy service name and type. For more information on defining the name and type, see Defining Proxy Service Name and Type.
Step 7 Click Next to continue.
Step 8 Configure the client side (virtual) parameters and server parameters. For more information on configuring the client side (virtual) parameters and the server parameters, see Configuring Client Side (Virtual) and Server Parameters.
Step 9 Click Next to continue.
Step 10 Assign a certificate to the proxy service (optional for client proxy service). For more information on assigning certificates to a proxy service, see Assigning Certificate to Proxy Services.
Troubleshooting Proxy Services
This section describes the proxy service operation statuses and their possible causes.
Proxy Service Operation Status | Possible Cause/Action
No cert | The certificate Trustpoint associated with the proxy service does not have a valid certificate or the certificate chain is incomplete. You must make sure that the Trustpoint has a valid certificate and that the certificate chain is complete.
No Virtual IP | Virtual IP address has not been configured for the proxy service.
No Server IP | Server IP address has not been configured for the proxy service.
Cert not configured | No certificate has been configured for the proxy service. You must assign a certificate for server proxy service. For client proxy service a certificate is optional.
No CA pool | If you have enabled peer certificate authentication to verify all (signature, CRL check and ACL check), you must configure a CA pool with valid CA certificates for the proxy service.
No connectivity | One of the following:
• No Client VLAN: If the virtual IP address (VIP) is not secondary, you must configure a VLAN for the client side network. If you configure the VIP as secondary, it does not have to be in the VLAN (subnet) connected to the SSL Services Module.
• No Server VLAN: If the server is in a network that is directly connected to the SSL Services Module, you must configure a VLAN for the server side network. If the server is not in a directly connected network, you must configure a route to the server.
• No SSLv2 Server VLAN: If you have enabled forwarding of SSLv2 connections to a server and if the SSLv2 server is in a directly connected network, you must configure a VLAN for the server side network. If the SSLv2 server is not in a directly connected network, you must configure a route to the SSLv2 server.
• No Server/Next Hop MAC: The server or the next hop (gateway) to the server is not responding to ARP.
• No SSLv2 Server/Next Hop MAC: The SSLv2 server or the next hop (gateway) to the SSLv2 server is not responding to ARP.
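The configuration-dependent rows of the troubleshooting table can be applied to a planned proxy service before it is created. The following Python code is an added example, not part of CVDM-SSLSM: the dictionary field names are hypothetical stand-ins for the values on the Proxy Service Details page, all applicable statuses are returned rather than the single one the module would display, and the two ARP-related statuses are left out because they depend on runtime state.

```python
def _server_path(prefix, target, path):
    """VLAN/route rule shared by the server and the SSLv2 server rows."""
    if path["directly_connected"]:
        if not path["vlan_configured"]:
            return [(f"No {prefix} VLAN",
                     "configure a VLAN for the server side network")]
    elif not path["route_configured"]:
        return [(f"No {prefix} VLAN", f"configure a route to the {target}")]
    return []


def diagnose(service):
    """Return (status, action) pairs from the troubleshooting table."""
    findings = []
    if not service.get("virtual_ip"):
        findings.append(("No Virtual IP", "configure the virtual IP address"))
    if not service.get("server_ip"):
        findings.append(("No Server IP", "configure the server IP address"))

    trustpoint = service.get("trustpoint")
    if trustpoint is None:
        # Mandatory for a server proxy, optional for a client proxy.
        if service["type"] == "server":
            findings.append(("Cert not configured", "assign a certificate"))
    elif not (trustpoint["cert_valid"] and trustpoint["chain_complete"]):
        findings.append(("No cert",
                         "give the Trustpoint a valid certificate and chain"))

    # "verify-all" stands for Verify Signature, Check CRL and Certificate ACL.
    if service.get("peer_auth") == "verify-all" and not service.get("ca_pool"):
        findings.append(("No CA pool",
                         "configure a CA pool with valid CA certificates"))

    if not service.get("vip_secondary") and not service.get("client_vlan"):
        findings.append(("No Client VLAN",
                         "configure a VLAN for the client side network"))
    findings += _server_path("Server", "server", service["server_path"])
    if service.get("sslv2_path"):  # present only when SSLv2 forwarding is on
        findings += _server_path("SSLv2 Server", "SSLv2 server",
                                 service["sslv2_path"])
    return findings


def statuses(service):
    """Status names only, in the order diagnose() found them."""
    return [status for status, _ in diagnose(service)]


# Constructed sample services (documentation address ranges).
HEALTHY = {
    "type": "server",
    "virtual_ip": "192.0.2.10", "vip_secondary": False, "client_vlan": 10,
    "server_ip": "198.51.100.20",
    "server_path": {"directly_connected": True, "vlan_configured": True,
                    "route_configured": False},
    "trustpoint": {"cert_valid": True, "chain_complete": True},
    "peer_auth": "disabled", "ca_pool": None,
}
BROKEN = dict(HEALTHY, trustpoint=None, peer_auth="verify-all",
              client_vlan=None,
              sslv2_path={"directly_connected": False,
                          "vlan_configured": False,
                          "route_configured": False})

if __name__ == "__main__":
    print(statuses(HEALTHY) or "no findings")
    for status, action in diagnose(BROKEN):
        print(f"{status}: {action}")
```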