Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

service client

service client

Syntax Description

Defaults

Command Modes

To enter the client proxy-service configuration submode, use the service client command.

service ssl-proxy-name client

ssl-proxy-nameSSL proxy service name.

Client NAT is disabled.

Context subcommand mode

Command History

Release

Modification

 

SSL Services Module

Support for this command was introduced on the Catalyst 6500 series

 

Release 2.1(1)

switches.

 

 

 

 

SSL Services Module

The service client command (entered in context subcommand mode)

 

Release 3.1(1)

replaces the ssl-proxy service client command (entered in global

 

 

subcommand mode).

 

 

This command was changed to add the following submode commands:

policy health-probe tcp

policy http-header

Usage Guidelines You cannot use the same service_name for both the server proxy service and the client proxy service.

In client proxy-service configuration submode, you specify that the proxy service accept clear-text traffic, encrypt it into SSL traffic, and forward it to the back-end SSL server.

In most cases, all of the SSL-server-proxy configurations that are performed are also valid for the SSL-client-proxy configuration, except for the following:

You must configure a certificate for the SSL-server-proxy but you do not have to configure a certificate for the SSL-client-proxy. If you configure a certificate for the SSL-client-proxy, that certificate is sent in response to the certificate request message that is sent by the server during the client-authentication phase of the handshake protocol.

The SSL policy is attached to the virtual subcommand for the SSL server proxy service; whereas, the SSL policy is attached to the server subcommand for the SSL client proxy service.

Each proxy-service or proxy-client configuration submode command is entered on its own line.

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-56

OL-9105-01

 

 

Page 82
Image 82
Cisco Systems 6500 manual Service client, Policy health-probe tcp Policy http-header