Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems 6500 service client, policy health-probe tcp policy http-header, 2-56, Release

Models: 6500

1 160

Download 160 pages 24.26 Kb

Page 82

service client

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

service client

service client

Syntax Description

Defaults

Command Modes

To enter the client proxy-service configuration submode, use the service client command.

service ssl-proxy-name client

ssl-proxy-nameSSL proxy service name.

Client NAT is disabled.

Context subcommand mode

Command History	Release	Modification
	SSL Services Module	Support for this command was introduced on the Catalyst 6500 series
	Release 2.1(1)	switches.

	SSL Services Module	The service client command (entered in context subcommand mode)
	Release 3.1(1)	replaces the ssl-proxy service client command (entered in global
		subcommand mode).
		This command was changed to add the following submode commands:

• policy health-probe tcp

• policy http-header

Usage Guidelines You cannot use the same service_name for both the server proxy service and the client proxy service.

In client proxy-service configuration submode, you specify that the proxy service accept clear-text traffic, encrypt it into SSL traffic, and forward it to the back-end SSL server.

In most cases, all of the SSL-server-proxy configurations that are performed are also valid for the SSL-client-proxy configuration, except for the following:

•You must configure a certificate for the SSL-server-proxy but you do not have to configure a certificate for the SSL-client-proxy. If you configure a certificate for the SSL-client-proxy, that certificate is sent in response to the certificate request message that is sent by the server during the client-authentication phase of the handshake protocol.

•The SSL policy is attached to the virtual subcommand for the SSL server proxy service; whereas, the SSL policy is attached to the server subcommand for the SSL client proxy service.

Each proxy-service or proxy-client configuration submode command is entered on its own line.

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-56	OL-9105-01

Image 82

Cisco Systems 6500 manual service client, policy health-probe tcp policy http-header, 2-56, Command History, Release

Contents

Release Corporate HeadquartersCatalyst 6500 Series Switch SSL Services Module Command Reference Cisco Systems, Inc 170 West Tasman Drive San Jose, CATHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS Command-Line Interface How to Find Command OptionsDefinitions of Service Request Severity C O N T E N T Sservice client Commands for the Catalyst 6500 Series Switch SSL Services Moduleservice natpoolAcronyms A-1 snmp-server enablessl-proxy pki show ssl-proxy vlanCatalyst 6500 Series Switch SSL Services Module Command Reference ContentsOL-9105-01 Series Switch SSL Services Command-Line InterfaceCommands for the Catalyst Prefaceboldface font ConventionsConvention example, interface interface typeCisco.com Obtaining DocumentationProduct Documentation DVD Cisco Product Security Overview Documentation FeedbackOrdering Documentation Cisco Technical Support & Documentation Website Reporting Security Problems in Cisco ProductsObtaining Technical Assistance Emergencies - security-alert@cisco.comSubmitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information xiiiPreface Obtaining Additional Publications and Information Catalyst 6500 Series Switch SSL Services Module Command ReferenceOL-9105-01 Understanding Command Modes, page Command-Line InterfaceGetting Help, page How to Find Command Options, page Using the No and Default Forms of Commands, pageCommand How to Find Command OptionsPurpose Comment CommandTable 1-2 How to Find Command Options ssl-proxyconfig-if# channel-group 1 mode auto ? CommandTable 1-2 How to Find Command Options continued ssl-proxyconfig-if# channel-group 1 mode autoconfigure terminal privileged EXEC Understanding Command ModesAccess Method configure terminalimage using the boot system flash filename Using the No and Default Forms of Commandsinterface command with an interfaceSingle-Character Patterns Using the CLI String SearchRegular Expressions CharacterabcdABCD \$ \ \+aeiou a-dA-Dtelebit 3107 v32bis Multiple-Character PatternsMultipliers ba?bA-Za-z0-9+ AlternationAnchoring codex telebit1300$ 1300space space1300 1300, ,1300, 1300 ,1300 Parentheses for Recall1300 a.bc.\1\2Catalyst 6500 Series Switch SSL Services Module Command Reference 1-12Chapter 1 Command-Line Interface Using the CLI String Search OL-9105-01Commands for the Catalyst 6500 Series Switch SSL Services Module C H A P T E RCommand Modes Command History service nameDefaults clear ssl-proxy connDefaults Command Modes Command History clear ssl-proxy contentclear ssl-proxy content all rewrite scanning module module This example shows how to clear all of the content statisticsservice name clear ssl-proxy sessionUsage Guidelines Defaultsclear ssl-proxy stats service nameCommand Modes ssl tcp urlModification Command History Usage Guidelines ExamplesRelease context nameCommand Modes Command History Defaultscrypto pki export pem ReleaseExamples crypto pki import pemSyntax Description Defaults Command History Command Historycrypto pki import pem ReleaseExamples 2-10151129.901 %SYS-5-CONFIGI Configured from console by console crypto pki export pemDefaults Command Modes Command History crypto pki export pkcs122-11 ReleaseCatalyst 6500 Series Switch SSL Services Module Command Reference 2-12Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is blueDefaults crypto pki import pkcs122-13 Command Modes Command Historyfilename TP2? /users/admin-1/pkcs12/TP2.p12 2-14Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencepassphrase passphrase crypto key decrypt rsacrypto key decrypt write rsa name key-name passphrase passphrase 2-152-16 crypto key encrypt rsacrypto key encrypt write rsa name key-name passphrase passphrase DefaultsDefaults Command Modes Command History crypto key export rsa pem2-17 Syntax DescriptionChapter 2 Commands for the Catalyst 6500 Series SSL Services Module This example shows how to export a key from the SSL Services Module2-18 Catalyst 6500 Series Switch SSL Services Module Command ReferenceDefaults Command Modes Command History crypto key import rsa pem2-19 Syntax Descriptionssl-proxyconfig# crypto key import rsa newkeys pem url scp password 2-20Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Reference2-21 crypto key lock rsacrypto key lock rsa name key-name passphrase passphrase Defaults Command Modes Command History2-22 crypto key unlock rsacrypto key unlock rsa name key-name passphrase passphrase Defaults Command Modes Command Historypki type ssl type tcp type vlan content typedebug ssl-proxy fdu typecontent type Command History2-24 Release2-25 This example shows how to turn on App debuggingExamples Modification Command ModesRelease Usage Guidelinesinterface ssl-proxy Syntax Description Defaults Command Modes Command Historydefault Syntaxgroup-name preempt delayminimum standby group-number authenticationtext string delay minimum min-delay priority priority redirects enableRelated Commands show interfaces ssl-proxy show ssl-proxy vlan 2-29Examples 2-30 natpoolshow ssl-proxy natpool Defaultspolicy health-probe tcp policy-name Syntax Description Defaults Command Modespolicy health-probe tcp failed-interval is 60 secondsSyntax 2-32open-timeout seconds Description2-33 Related Commands show ssl-proxy policy show ssl-proxy servicealias policy http-headerclient-cert pem Field To InsertDescription 2-35Field To Insert ClientCert-Subject-CNDescription Field to insert2-36 Syntaxsession client-ip-portprefix 2-372-38 Related Commands show ssl-proxy policy2-39 timeout session timeout absolutepolicy ssl DefaultsThe policy ssl command entered in context subcommand mode replaces SSL Services ModuleThis command was changed to add the following subcommands the ssl-proxy policy ssl command entered in global subcommand modehelp renegotiation volume sizetimeout handshake timeout renegotiation interval time2-42 all-export-All export ciphers all-strong-All strong ciphers defaultThis example shows how to enter the SSL-policy configuration submode 2-43Examples Catalyst 6500 Series Switch SSL Services Module Command Reference 2-44Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module policy sslDefaults policy tcp2-45 Command Modesno timeout fin-wait timeout-in-seconds delayed-ack-threshold delaydelayed-ack-timeout timer no timeout inactivity timeout-in-seconds2-47 no timeout reassembly timeno tos carryover Syntax2-48 This example shows how to define the maximum size for the TCP segmentDefaults policy url-rewrite2-49 Command ModesEnter the no form of the command to remove the policy 2-50Examples Defaults Command Modes Command History pool ca2-51 default2-52 serviceservice client command Defaultsinservice authenticate verify all signature-onlydefault certificate inservice nat server certificate rsa general-purpose trustpointDescription 2-54Syntax virtual policy ssl ssl-policy-name2-55 Related Commands show ssl-proxy service2-56 service clientpolicy health-probe tcp policy http-header Syntax Description Defaults Command Modesvirtual policy tcp nat server client natpool-namevirtual policy ssl ssl-policy-name vlan vlanRelated Commands show ssl-proxy service 2-58Examples 2-59 show interfaces ssl-proxyshow interfaces ssl-proxy 0.subinterface Defaultsshow ssl-proxy buffers This command has no default settingsshow ssl-proxy buffers 2-602-61 show ssl-proxy certificate-history service nameshow ssl-proxy certificate-history Defaults Command Modes Command HistoryCatalyst 6500 Series Switch SSL Services Module Command Reference 2-62Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ExamplesChapter 2 Commands for the Catalyst 6500 Series SSL Services Module Related Commands service2-63 Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy conn module module show ssl-proxy conn service name context name module moduleshow ssl-proxy conn 4tupleModification 2-65Release context nameCatalyst 6500 Series Switch SSL Services Module Command Reference 2-66Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy conn service iis12-67 show ssl-proxy contextshow ssl-proxy context name Defaultsbrief show ssl-proxy crash-infoshow ssl-proxy crash-info brief details detailsCatalyst 6500 Series Switch SSL Services Module Command Reference 2-69Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy crash-info2-70 show ssl-proxy mac addressshow ssl-proxy mac address Syntax Description Defaults Command Modes Command History2-71 show ssl-proxy natpoolshow ssl-proxy natpool namecontext name Defaults Command Modes Command Historyhealth-probe tcp show ssl-proxy policyurl-rewrite name http-headerDisabled 2-73Reassembly timeout Delayed ACK timerpolicy tcp policy url-rewrite 2-74ssl-proxy# show ssl-proxy policy health-probe tcp tcp-health 2-75 show ssl-proxy serviceshow ssl-proxy service namecontext name Defaults Command Modes Command HistoryChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-76Related Commands service show ssl-proxy serviceshow ssl-proxy stats type contentshow ssl-proxy stats 2-77Catalyst 6500 Series Switch SSL Services Module Command Reference 2-78Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Examplesshow ssl-proxy stats 2-79Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module ssl-proxy# show ssl-proxy stats pki PKI Memory Usage Countersssl-proxy# show ssl-proxy stats context Context name Default 2-80Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencessl-proxy# show ssl-proxy stats content 2-81Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command ReferenceSyntax Description show ssl-proxy statusshow ssl-proxy status fdu ssl tcp Optional Displays the FDU statusCatalyst 6500 Series Switch SSL Services Module Command Reference 2-83Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy status2-84 show ssl-proxy versionshow ssl-proxy version Syntax Description Defaults Command Modes Command Historyshow ssl-proxy vlan vlan-iddebugmodule module Related Commandsshow ssl-proxy vlan 2-85informs snmp-server enableDefaults Command Modes Command History Examples trapsPurpose and Guidelines ssl-proxy contextssl-proxy context name no ssl-proxy context name description descriptionCommand Purpose and Guidelines2-88 Defaultsno ssl-proxy crypto selftest ssl-proxy crypto selftestssl-proxy crypto selftest time-interval seconds time-intervalssl-proxy mac address mac-addr This example shows how to configure a MAC addressssl-proxy mac address 2-90timeout seconds no ssl-proxy pki authenticate cache certificate historyauthenticate timeout minutesRelated Commands show ssl-proxy stats 2-92Examples 2-93 ssl-proxy crypto key unlock rsassl-proxy crypto key unlock rsa key-name passphrase passphrase Defaults Command Modes Command History2-94 ssl-proxy ip-frag-ttlssl-proxy ip-frag-ttl time Syntax Description Defaults Command Modes2-95 ssl-proxy ssl ratelimitssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit Defaultsno standby group-number authentication text string standby authenticationstandby group-number authentication text string 2-96no standby delay minimum min-delay reload reload-delay standby delay minimum reloadstandby delay minimum min-delay reload reload-delay 2-97Related Commands show standby delay2-98 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module2-99 Defaults Command Modes Command History Usage Guidelinesstandby ip Syntax Descriptionused by the hot standby group is learned using HSRP 2-100Examples APPN standby mac-addressno standby group-number mac-address 2-1012-102 show standbyExamples 2-103 standby mac-refreshstandby mac-refresh seconds no standby mac-refresh Defaults Command Modes Command Historystandby name group-name no standby name group-name This example shows how to specifiy the standby name as SanJoseHAstandby name 2-104Defaults standby preempt2-105 Command Modes Command Historyssl-proxy config-subif# standby preempt delay minimum 2-106Examples 2-107 standby priorityno standby group-number priority priority Defaults Command Modes Command HistoryChapter 2 Commands for the Catalyst 6500 Series SSL Services Module 2-108Related Commands Catalyst 6500 Series Switch SSL Services Module Command Referencetimers enabledisable standby redirectsshow standby redirect This example shows how to allow HSRP to filter ICMP redirect messagesRelated Commands show standby 2-110Defaults standby timers2-111 Command Modes Command Historystandby timers msec 300 msec 2-112timers 5 ExamplesDefaults Command Modes Command History standby track2-113 Syntax DescriptionRelated Commands standby preempt Router A ConfigurationRouter B Configuration 2-114scope interface standby use-biastandby use-bia scope interface no standby use-bia 2-115standby version 1 This example shows how to configure HSRP versionstandby version Specifies HSRP versionAcronym AcronymsA P P E N D I X A ExpansionExpansion AcronymTable A-1 List of Acronyms continued Acronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionExpansion Catalyst 6500 Series Switch SSL Services Module Command ReferenceAcronym Table A-1 List of Acronyms continuedAppendix A Acronyms A-10Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01Acknowledgments for Open-Source Software A P P E N D I X BAppendix B Acronyms Catalyst 6500 Series Switch SSL Services Module Command ReferenceOL-9105-01 I N D E SymbolsNumerics IN-1IN-2 configuring IN-3secondary interface IN-4 IN-5 Index IN-6Catalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01