174 ServerIron ADX Security Guide
53-1002440-03
Configuring Real and Virtual Servers for SSL Termination and Proxy Mode
6
Configuring Real and Virtual Servers for SSL Proxy Mode
Real and Virtual Server configuration is described in detail in the ServerIron ADX Server Load
Balancing Guide. When configuring a Real or Virtual Server for SSL Proxy Mode, you need to do the
following:
Configure a Real Server with an SSL port
Configure a Virtual Server with an SSL port
Enable SSL Proxy and specify an SSL client profile and an SSL server profile on the SSL port of
the Virtual Server
Bind SSL on the Virtual Server to an SSL port on a Real Server
For IPv4 Real Server to IPv4 Virtual Server
In the example below an IPv4 Real Server and an IPv4 Virtual Server are configured for SSL Proxy
mode with the following details:
An SSL port is defined on the Real Server: "rs3"
An SSL port is defined on the Virtual Server: "vip3".
SSL Proxy is configured and the SSL client profile "IPv4clientprofile" and SSL server profile
"IPv4serverprofile" are specified on the Virtual Server: "vip3".
A bind is configured between SSL on Virtual Server: "vip3" and SSL on the Real Server: "rs3".
ServerIronADX(config)# server real rs3 10.1.1.1
ServerIronADX(config-rs-rs3)# port ssl
ServerIronADX(config-rs-rs3)# exit
ServerIronADX(config)# server virtual-name-or-ip vip3
ServerIronADX(config-vs-vip3)# port ssl
ServerIronADX(config-vs-vip3)# port ssl ssl-proxy IPv4clientprofile
IPv4serverprofile
ServerIronADX(config-vs-vip3)# bind ssl rs3 ssl
For IPv6 Real Server to IPv6 Virtual Server
In the example below an IPv6 Real Server and an IPv6 Virtual Server are configured for SSL Proxy
mode with the following details:
An SSL port is defined on the Real Server: "rs4"
An SSL port is defined on the Virtual Server: "vip4".
SSL Proxy is configured and the SSL client profile "IPv6clientprofile" and SSL server profile
"IPv6serverprofile" are specified on the Virtual Server: "vip4".
A bind is configured between SSL on Virtual Server: "vip4" and SSL on the Real Server: "rs4".
ServerIronADX(config)# server real rs4 2000::2
ServerIronADX(config-rs-rs4)# port ssl
ServerIronADX(config-rs-rs4)# exit
ServerIronADX(config)# server virtual-name-or-ip vip4
ServerIronADX(config-vs-vip4)# port ssl
ServerIronADX(config-vs-vip4)# port ssl ssl-proxy IPv6clientprofile
IPv6serverprofile
ServerIronADX(config-vs-vip4)# bind ssl rs4 ssl
Syntax: [no] port ssl ssl-proxy <ssl-profile-name-1> <ssl-profile-name-2>