Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems 6500 Purpose and Guidelines, 2-88, Command, Defaults, section on page, Examples

Models: 6500

1 160

Download 160 pages 24.26 Kb

Page 114

Purpose and Guidelines

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

ssl-proxy context

Table 2-10 Context Submode Commands (continued)

Command	Purpose and Guidelines	Defaults

policy http-header policy-name	Configures the HTTP header insertion policy. See
	the “policy http-header” section on page 2-34.

policy ssl policy-name	Configures the SSL policy. See the“policy ssl”
	section on page 2-39.

policy tcp policy-name	Configures the TCP policy. See the “policy tcp”
	section on page 2-45.

policy url-rewrite policy-name	Configures the URL rewrite policy. See the “policy
	url-rewrite” section on page 2-49.

pool ca name	Configures a pool of resources. See the “pool ca”
	section on page 2-51.

service service_name	Enters SSL proxy service subcommand mode and
	lets you configure the SSL client or server proxy
	service. See the “service” section on page 2-52for
	information about SSL proxy services.

vrf-name name	Configures the VRF associated with this context.

Examples	This example shows how to configure the context “hubble”:
	ssl-proxy#configure terminal
	Enter configuration commands, one per line. End with CNTL/Z.
	ssl-proxy(config)#ssl-proxy context hubble

ssl-proxy(config-context)# vrf-name hubble ssl-proxy(config-context)# service hubble

ssl-proxy(config-ctx-ssl-proxy)#virtual ipaddr 3.100.100.108 protocol tcp port 443 ssl-proxy(config-ctx-ssl-proxy)#server ipaddr 5.100.100.41 protocol tcp port 80 ssl-proxy(config-ctx-ssl-proxy)#certificate rsa general-purpose trustpoint shuttle ssl-proxy(config-ctx-ssl-proxy)#nat client hubble ssl-proxy(config-ctx-ssl-proxy)#inservice ssl-proxy(config-ctx-ssl-proxy)#exit

ssl-proxy(config-context)#natpool hubble 5.100.100.20 5.100.100.27 netmask 255.255.255.0 ssl-proxy(config-context)#policy health-probe tcp probe1 ssl-proxy(config-ctx-tcp-probe)#port 80

ssl-proxy(config-ctx-tcp-probe)# exit ssl-proxy(config-context)# ssl-proxy(config-context)# description Example context ssl-proxy(config-context)# end

ssl-proxy#

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-88	OL-9105-01

Image 114

Cisco Systems 6500 Purpose and Guidelines, 2-88, Command, Defaults, the “policy http-header” section on page, Examples

Contents

Release Corporate HeadquartersCatalyst 6500 Series Switch SSL Services Module Command Reference Cisco Systems, Inc 170 West Tasman Drive San Jose, CATHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS Command-Line Interface How to Find Command OptionsDefinitions of Service Request Severity C O N T E N T Sservice client Commands for the Catalyst 6500 Series Switch SSL Services Moduleservice natpoolAcronyms A-1 snmp-server enablessl-proxy pki show ssl-proxy vlanContents Catalyst 6500 Series Switch SSL Services Module Command ReferenceOL-9105-01 Series Switch SSL Services Command-Line InterfaceCommands for the Catalyst Prefaceboldface font ConventionsConvention example, interface interface typeObtaining Documentation Cisco.comProduct Documentation DVD Documentation Feedback Cisco Product Security OverviewOrdering Documentation Cisco Technical Support & Documentation Website Reporting Security Problems in Cisco ProductsObtaining Technical Assistance Emergencies - security-alert@cisco.comSubmitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information xiiiCatalyst 6500 Series Switch SSL Services Module Command Reference Preface Obtaining Additional Publications and InformationOL-9105-01 Understanding Command Modes, page Command-Line InterfaceGetting Help, page How to Find Command Options, page Using the No and Default Forms of Commands, pageHow to Find Command Options CommandPurpose Command CommentTable 1-2 How to Find Command Options ssl-proxyconfig-if# channel-group 1 mode auto ? CommandTable 1-2 How to Find Command Options continued ssl-proxyconfig-if# channel-group 1 mode autoconfigure terminal privileged EXEC Understanding Command ModesAccess Method configure terminalimage using the boot system flash filename Using the No and Default Forms of Commandsinterface command with an interfaceSingle-Character Patterns Using the CLI String SearchRegular Expressions CharacterabcdABCD \$ \ \+aeiou a-dA-Dtelebit 3107 v32bis Multiple-Character PatternsMultipliers ba?bA-Za-z0-9+ AlternationAnchoring codex telebit1300$ 1300space space1300 1300, ,1300, 1300 ,1300 Parentheses for Recall1300 a.bc.\1\2Catalyst 6500 Series Switch SSL Services Module Command Reference 1-12Chapter 1 Command-Line Interface Using the CLI String Search OL-9105-01Commands for the Catalyst 6500 Series Switch SSL Services Module C H A P T E RCommand Modes Command History service nameDefaults clear ssl-proxy connDefaults Command Modes Command History clear ssl-proxy contentclear ssl-proxy content all rewrite scanning module module This example shows how to clear all of the content statisticsservice name clear ssl-proxy sessionUsage Guidelines Defaultsclear ssl-proxy stats service nameCommand Modes ssl tcp urlModification Command History Usage Guidelines ExamplesRelease context nameCommand Modes Command History Defaultscrypto pki export pem ReleaseExamples crypto pki import pemSyntax Description Defaults Command History Command Historycrypto pki import pem ReleaseExamples 2-10151129.901 %SYS-5-CONFIGI Configured from console by console crypto pki export pemDefaults Command Modes Command History crypto pki export pkcs122-11 ReleaseCatalyst 6500 Series Switch SSL Services Module Command Reference 2-12Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blueDefaults crypto pki import pkcs122-13 Command Modes Command Historyfilename TP2? /users/admin-1/pkcs12/TP2.p12 2-14Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencepassphrase passphrase crypto key decrypt rsacrypto key decrypt write rsa name key-name passphrase passphrase 2-152-16 crypto key encrypt rsacrypto key encrypt write rsa name key-name passphrase passphrase DefaultsDefaults Command Modes Command History crypto key export rsa pem2-17 Syntax DescriptionChapter 2 Commands for the Catalyst 6500 Series SSL Services Module This example shows how to export a key from the SSL Services Module2-18 Catalyst 6500 Series Switch SSL Services Module Command ReferenceDefaults Command Modes Command History crypto key import rsa pem2-19 Syntax Descriptionssl-proxyconfig# crypto key import rsa newkeys pem url scp password 2-20Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Reference2-21 crypto key lock rsacrypto key lock rsa name key-name passphrase passphrase Defaults Command Modes Command History2-22 crypto key unlock rsacrypto key unlock rsa name key-name passphrase passphrase Defaults Command Modes Command Historypki type ssl type tcp type vlan content typedebug ssl-proxy fdu typecontent type Command History2-24 ReleaseThis example shows how to turn on App debugging 2-25Examples Modification Command ModesRelease Usage Guidelinesinterface ssl-proxy Syntax Description Defaults Command Modes Command Historydefault Syntaxgroup-name preempt delayminimum standby group-number authenticationtext string delay minimum min-delay priority priority redirects enable2-29 Related Commands show interfaces ssl-proxy show ssl-proxy vlanExamples 2-30 natpoolshow ssl-proxy natpool Defaultspolicy health-probe tcp policy-name Syntax Description Defaults Command Modespolicy health-probe tcp failed-interval is 60 secondsSyntax 2-32open-timeout seconds Description2-33 Related Commands show ssl-proxy policy show ssl-proxy servicealias policy http-headerclient-cert pem Field To InsertDescription 2-35Field To Insert ClientCert-Subject-CNDescription Field to insert2-36 Syntaxsession client-ip-portprefix 2-372-38 Related Commands show ssl-proxy policy2-39 timeout session timeout absolutepolicy ssl DefaultsThe policy ssl command entered in context subcommand mode replaces SSL Services ModuleThis command was changed to add the following subcommands the ssl-proxy policy ssl command entered in global subcommand modehelp renegotiation volume sizetimeout handshake timeout renegotiation interval time2-42 all-export-All export ciphers all-strong-All strong ciphers default2-43 This example shows how to enter the SSL-policy configuration submodeExamples Catalyst 6500 Series Switch SSL Services Module Command Reference 2-44Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module policy sslDefaults policy tcp2-45 Command Modesno timeout fin-wait timeout-in-seconds delayed-ack-threshold delaydelayed-ack-timeout timer no timeout inactivity timeout-in-seconds2-47 no timeout reassembly timeno tos carryover Syntax2-48 This example shows how to define the maximum size for the TCP segmentDefaults policy url-rewrite2-49 Command Modes2-50 Enter the no form of the command to remove the policyExamples Defaults Command Modes Command History pool ca2-51 default2-52 serviceservice client command Defaultsinservice authenticate verify all signature-onlydefault certificate inservice nat server certificate rsa general-purpose trustpointDescription 2-54Syntax virtual policy ssl ssl-policy-name2-55 Related Commands show ssl-proxy service2-56 service clientpolicy health-probe tcp policy http-header Syntax Description Defaults Command Modesvirtual policy tcp nat server client natpool-namevirtual policy ssl ssl-policy-name vlan vlan2-58 Related Commands show ssl-proxy serviceExamples 2-59 show interfaces ssl-proxyshow interfaces ssl-proxy 0.subinterface Defaultsshow ssl-proxy buffers This command has no default settingsshow ssl-proxy buffers 2-602-61 show ssl-proxy certificate-history service nameshow ssl-proxy certificate-history Defaults Command Modes Command HistoryCatalyst 6500 Series Switch SSL Services Module Command Reference 2-62Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ExamplesChapter 2 Commands for the Catalyst 6500 Series SSL Services Module Related Commands service2-63 Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy conn module module show ssl-proxy conn service name context name module moduleshow ssl-proxy conn 4tupleModification 2-65Release context nameCatalyst 6500 Series Switch SSL Services Module Command Reference 2-66Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy conn service iis12-67 show ssl-proxy contextshow ssl-proxy context name Defaultsbrief show ssl-proxy crash-infoshow ssl-proxy crash-info brief details detailsCatalyst 6500 Series Switch SSL Services Module Command Reference 2-69Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy crash-info2-70 show ssl-proxy mac addressshow ssl-proxy mac address Syntax Description Defaults Command Modes Command History2-71 show ssl-proxy natpoolshow ssl-proxy natpool namecontext name Defaults Command Modes Command Historyhealth-probe tcp show ssl-proxy policyurl-rewrite name http-headerDisabled 2-73Reassembly timeout Delayed ACK timer2-74 policy tcp policy url-rewritessl-proxy# show ssl-proxy policy health-probe tcp tcp-health 2-75 show ssl-proxy serviceshow ssl-proxy service namecontext name Defaults Command Modes Command HistoryChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-76Related Commands service show ssl-proxy serviceshow ssl-proxy stats type contentshow ssl-proxy stats 2-77Catalyst 6500 Series Switch SSL Services Module Command Reference 2-78Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Examplesshow ssl-proxy stats 2-79Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy stats pki PKI Memory Usage Countersssl-proxy# show ssl-proxy stats context Context name Default 2-80Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencessl-proxy# show ssl-proxy stats content 2-81Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceSyntax Description show ssl-proxy statusshow ssl-proxy status fdu ssl tcp Optional Displays the FDU statusCatalyst 6500 Series Switch SSL Services Module Command Reference 2-83Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy status2-84 show ssl-proxy versionshow ssl-proxy version Syntax Description Defaults Command Modes Command Historyshow ssl-proxy vlan vlan-iddebugmodule module Related Commandsshow ssl-proxy vlan 2-85informs snmp-server enableDefaults Command Modes Command History Examples trapsPurpose and Guidelines ssl-proxy contextssl-proxy context name no ssl-proxy context name description descriptionCommand Purpose and Guidelines2-88 Defaultsno ssl-proxy crypto selftest ssl-proxy crypto selftestssl-proxy crypto selftest time-interval seconds time-intervalssl-proxy mac address mac-addr This example shows how to configure a MAC addressssl-proxy mac address 2-90timeout seconds no ssl-proxy pki authenticate cache certificate historyauthenticate timeout minutes2-92 Related Commands show ssl-proxy statsExamples 2-93 ssl-proxy crypto key unlock rsassl-proxy crypto key unlock rsa key-name passphrase passphrase Defaults Command Modes Command History2-94 ssl-proxy ip-frag-ttlssl-proxy ip-frag-ttl time Syntax Description Defaults Command Modes2-95 ssl-proxy ssl ratelimitssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit Defaultsno standby group-number authentication text string standby authenticationstandby group-number authentication text string 2-96no standby delay minimum min-delay reload reload-delay standby delay minimum reloadstandby delay minimum min-delay reload reload-delay 2-97Related Commands show standby delay2-98 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module2-99 Defaults Command Modes Command History Usage Guidelinesstandby ip Syntax Description2-100 used by the hot standby group is learned using HSRPExamples APPN standby mac-addressno standby group-number mac-address 2-101show standby 2-102Examples 2-103 standby mac-refreshstandby mac-refresh seconds no standby mac-refresh Defaults Command Modes Command Historystandby name group-name no standby name group-name This example shows how to specifiy the standby name as SanJoseHAstandby name 2-104Defaults standby preempt2-105 Command Modes Command History2-106 ssl-proxy config-subif# standby preempt delay minimumExamples 2-107 standby priorityno standby group-number priority priority Defaults Command Modes Command HistoryChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-108Related Commands Catalyst 6500 Series Switch SSL Services Module Command Referencetimers enabledisable standby redirectsshow standby redirect This example shows how to allow HSRP to filter ICMP redirect messagesRelated Commands show standby 2-110Defaults standby timers2-111 Command Modes Command Historystandby timers msec 300 msec 2-112timers 5 ExamplesDefaults Command Modes Command History standby track2-113 Syntax DescriptionRelated Commands standby preempt Router A ConfigurationRouter B Configuration 2-114scope interface standby use-biastandby use-bia scope interface no standby use-bia 2-115standby version 1 This example shows how to configure HSRP versionstandby version Specifies HSRP versionAcronym AcronymsA P P E N D I X A ExpansionAcronym ExpansionTable A-1 List of Acronyms continued Acronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionExpansion Catalyst 6500 Series Switch SSL Services Module Command ReferenceAcronym Table A-1 List of Acronyms continuedAppendix A Acronyms A-10Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01Acknowledgments for Open-Source Software A P P E N D I X BCatalyst 6500 Series Switch SSL Services Module Command Reference Appendix B AcronymsOL-9105-01 I N D E SymbolsNumerics IN-1IN-2 IN-3 configuringsecondary interface IN-4 IN-5 Index IN-6Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01