Cisco Systems 6500 manual: show ssl-proxy conn (context name, module module)

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

show ssl-proxy conn

Command History

Release                          Modification
-------------------------------  ---------------------------------------------
Cisco IOS Release 12.1(13)E and  Support for this command was introduced on
SSL Services Module              the Catalyst 6500 series switches.
Release 1.1(1)

SSL Services Module              This command was changed to add the
Release 3.1(1)                   following keywords:
                                   context name
                                   module module

Examples

These examples show different ways to display the TCP connection that is established from the SSL Services Module:

ssl-proxy#show ssl-proxy conn
Connections for TCP module 1
Local Address         Remote Address        VLAN Conid  Send-Q Recv-Q State
--------------------- --------------------- ---- ------ ------ ------ ------
2.0.0.10:4430         1.200.200.14:48582    2    0      0      0      ESTAB
1.200.200.14:48582    2.100.100.72:80       2    1      0      0      ESTAB
2.0.0.10:4430         1.200.200.14:48583    2    2      0      0      ESTAB
1.200.200.14:48583    2.100.100.72:80       2    3      0      0      ESTAB
2.0.0.10:4430         1.200.200.14:48584    2    4      0      0      ESTAB
1.200.200.14:48584    2.100.100.72:80       2    5      0      0      ESTAB
2.0.0.10:4430         1.200.200.14:48585    2    6      0      0      ESTAB
1.200.200.14:48585    2.100.100.72:80       2    7      0      0      ESTAB
2.0.0.10:4430         1.200.200.14:48586    2    8      0      0      ESTAB
1.200.200.14:48586    2.100.100.72:80       2    9      0      0      ESTAB

ssl-proxy#show ssl-proxy conn 4tuple local port 443
Connections for TCP module 1
Local Address         Remote Address        VLAN Conid  Send-Q Recv-Q State
--------------------- --------------------- ---- ------ ------ ------ ------
2.50.50.133:443       1.200.200.12:39728    2    113676 0      0      TWAIT
No Bound Connection
2.50.50.133:443       1.200.200.12:39729    2    113680 0      0      TWAIT
No Bound Connection
2.50.50.131:443       1.200.200.14:40599    2    113684 0      0      TWAIT
No Bound Connection
2.50.50.132:443       1.200.200.13:48031    2    114046 0      0      TWAIT
No Bound Connection
2.50.50.132:443       1.200.200.13:48032    2    114048 0      0      TWAIT
No Bound Connection
2.50.50.132:443       1.200.200.13:48034    2    114092 0      0      TWAIT
No Bound Connection
2.50.50.132:443       1.200.200.13:48035    2    114100 0      0      TWAIT
No Bound Connection
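
The column layout in the examples above can be parsed into records for monitoring the module's connection table. This is an added example, not part of the Cisco manual; the function names, the `unbound` field and the nonzero Send-Q value in the sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout shown above; the Send-Q value 3 is made up.
SAMPLE = """\
ssl-proxy#show ssl-proxy conn
Connections for TCP module 1
Local Address         Remote Address        VLAN Conid  Send-Q Recv-Q State
--------------------- --------------------- ---- ------ ------ ------ ------
2.0.0.10:4430         1.200.200.14:48582    2    0      0      0      ESTAB
1.200.200.14:48582    2.100.100.72:80       2    1      0      0      ESTAB
2.50.50.133:443       1.200.200.12:39728    2    113676 0      0      TWAIT
No Bound Connection
2.50.50.131:443       1.200.200.14:40599    2    113684 3      0      TWAIT
No Bound Connection
"""

ROW = re.compile(
    r"^(?P<local>\d+(?:\.\d+){3}:\d+)\s+(?P<remote>\d+(?:\.\d+){3}:\d+)\s+"
    r"(?P<vlan>\d+)\s+(?P<conid>\d+)\s+(?P<sendq>\d+)\s+(?P<recvq>\d+)\s+(?P<state>\S+)$"
)
MODULE = re.compile(r"^Connections for TCP module (\d+)")

def parse_conn(text):
    """Return one dict per connection row; prompt, header and rule lines are skipped."""
    rows, module = [], None
    for line in text.splitlines():
        line = line.strip()
        m = MODULE.match(line)
        if m:
            module = int(m.group(1))
            continue
        if line == "No Bound Connection" and rows:
            rows[-1]["unbound"] = True  # the note refers to the row printed just above it
            continue
        m = ROW.match(line)
        if m:
            # Numeric columns become ints; addresses and the state stay strings.
            row = {k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}
            rows.append({**row, "module": module, "unbound": False})
    return rows

def summarize(rows):
    """Count rows per TCP state and list Conids that carry a note or queued data."""
    return {
        "by_state": dict(Counter(r["state"] for r in rows)),
        "unbound": [r["conid"] for r in rows if r["unbound"]],
        "queued": [r["conid"] for r in rows if r["sendq"] or r["recvq"]],
    }
```

Comparing `summarize(parse_conn(output))` across successive captures shows whether TWAIT entries or queued bytes are accumulating on the module.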

 

 

 

 

 

 

 

 

Catalyst 6500 Series Switch SSL Services Module Command Reference, OL-9105-01, page 2-65

 

 

 
