Cisco Systems 6500 manual No timeout reassembly time, No tos carryover


Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy tcp

Table 2-5 Proxy-policy TCP Configuration Submode Command Descriptions (continued)

Syntax: [no] timeout reassembly time

Description: Allows you to configure the amount of time in seconds before the reassembly queue is cleared; valid values are from 0 to 960 seconds (0 = disabled). If the transaction is not complete within the specified time, the reassembly queue is cleared and the connection is dropped. Use the no form of this command to return to the default setting.

Syntax: [no] tos carryover

Description: Forwards the type of service (ToS) value to all packets within a flow.

Note: If the policy is configured as a server TCP policy, the ToS value is sent from the server to the client. If the policy is configured as a virtual policy, the ToS value is sent from the client to the server.

Note: The ToS value needs to be learned before it can be propagated. For example, when a ToS value is configured to be propagated from the server to client connection, the server connection must be established before the value is learned and propagated. Therefore, some of the initial packets will not carry the ToS value.

Usage Guidelines

TCP commands that you enter on the SSL Services Module can apply either globally or to a particular proxy server.

You can configure a different maximum segment size for the client side and the server side of the proxy server.

The TCP policy template allows you to define parameters that are associated with the TCP stack.

You can either enter the no form of the command or use the default keyword to return to the default setting.

Examples

This example shows how to enter the proxy-policy TCP configuration submode:

ssl-proxy(config)#ssl-proxy context s1
ssl-proxy(config-context)#ssl-proxy policy tcp tcppl1
ssl-proxy(config-ctx-tcp-policy)#

These examples show how to set a given command to its default value:

ssl-proxy (config-ctx-tcp-policy)# default timeout fin-wait
ssl-proxy (config-ctx-tcp-policy)# default inactivity-timeout
ssl-proxy (config-ctx-tcp-policy)# default buffer-share rx
ssl-proxy (config-ctx-tcp-policy)# default buffer-share tx
ssl-proxy (config-ctx-tcp-policy)# default mss
ssl-proxy (config-ctx-tcp-policy)# default timeout syn
ssl-proxy (config-ctx-tcp-policy)#

This example shows how to define the FIN-wait timeout in seconds:

ssl-proxy (config-ctx-tcp-policy)# timeout fin-wait 200
ssl-proxy (config-ctx-tcp-policy)#

This example shows how to define the inactivity timeout in seconds:

ssl-proxy (config-ctx-tcp-policy)# timeout inactivity 300
ssl-proxy (config-ctx-tcp-policy)#
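
The following is an added example, not part of the Cisco manual: a Python check that audits a listing of proxy-policy TCP commands against the documented timeout reassembly range (0 to 960 seconds, 0 = disabled) and the no/default forms. The listing layout, the policy names tcppl2 and tcppl3, and the function name audit_tcp_policies are assumptions made for illustration.

```python
import re

# Documented range for "timeout reassembly": 0 to 960 seconds, 0 = disabled.
REASSEMBLY_MIN, REASSEMBLY_MAX = 0, 960

POLICY_RE = re.compile(r"^(?:ssl-proxy\s+)?policy\s+tcp\s+(\S+)$")
REASM_RE = re.compile(r"^(no|default)?\s*timeout\s+reassembly(?:\s+(\S+))?$")


def audit_tcp_policies(config_text):
    """Return {policy_name: [findings]} for reassembly-timeout settings."""
    findings, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:  # entering a new proxy-policy TCP block
            current = m.group(1)
            findings.setdefault(current, [])
            continue
        m = REASM_RE.match(line)
        if not m or current is None:
            continue  # unrelated command, or outside any TCP policy
        prefix, value = m.groups()
        if prefix:  # "no" or "default" form returns to the default setting
            findings[current].append("reassembly timeout reset to default")
        elif value is None or not value.isdecimal():
            findings[current].append(f"invalid reassembly value: {value!r}")
        elif not REASSEMBLY_MIN <= int(value) <= REASSEMBLY_MAX:
            findings[current].append(f"reassembly value {value} outside 0-960")
        elif int(value) == 0:
            findings[current].append("reassembly timeout disabled (0)")
    return findings


# Constructed sample listing (assumed layout, not taken from a real device).
SAMPLE = """\
ssl-proxy context s1
 ssl-proxy policy tcp tcppl1
  timeout reassembly 0
  tos carryover
 ssl-proxy policy tcp tcppl2
  timeout reassembly 1200
 ssl-proxy policy tcp tcppl3
  timeout reassembly 120
  no timeout reassembly
"""

if __name__ == "__main__":
    for name, notes in audit_tcp_policies(SAMPLE).items():
        print(name, notes or ["ok"])
```

A policy with an empty findings list has no reassembly setting that needs attention; an in-range, non-zero value such as 120 produces no finding.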

Catalyst 6500 Series Switch SSL Services Module Command Reference

 

OL-9105-01
