Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems manual 2-66, Commands for the Catalyst 6500 Series SSL Services Module

Models: 6500

1 160

Download 160 pages 24.26 Kb

Page 92

ssl-proxy conn 4tuple remote ip 1.200.200.14

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

show ssl-proxy conn

ssl-proxy# show	ssl-proxy conn 4tuple remote ip 1.200.200.14
Connections for TCP module 1
Local Address		Remote Address	VLAN	Conid	Send-Q Recv-Q State
---------------------		---------------------	----	------	------	------	------
2.50.50.131:443		1.200.200.14:38814	2	58796	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:38815	2	58800	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:38817	2	58802	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:38818	2	58806	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:38819	2	58810	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:38820	2	58814	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:38821	2	58818	0	0	TWAIT
No Bound Connection
ssl-proxy#show ssl-proxy conn service iis1
Connections for TCP module 1
Local Address		Remote Address	VLAN	Conid	Send-Q Recv-Q State
---------------------		---------------------	----	------	------	------	------
2.50.50.131:443		1.200.200.14:41217	2	121718	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:41218	2	121722	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:41219	2	121726	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:41220	2	121794	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:41221	2	121808	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:41222	2	121940	0	0	TWAIT
No Bound Connection
2.50.50.131:443		1.200.200.14:41223	2	122048	0	0	TWAIT
No Bound Connection

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-66	OL-9105-01

Image 92

Cisco Systems manual 2-66, Commands for the Catalyst 6500 Series SSL Services Module, show ssl-proxy conn

Contents

Corporate Headquarters Catalyst 6500 Series Switch SSL Services Module Command ReferenceRelease Cisco Systems, Inc 170 West Tasman Drive San Jose, CATHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS How to Find Command Options Definitions of Service Request SeverityCommand-Line Interface C O N T E N T SCommands for the Catalyst 6500 Series Switch SSL Services Module serviceservice client natpoolsnmp-server enable ssl-proxy pkiAcronyms A-1 show ssl-proxy vlanOL-9105-01 ContentsCatalyst 6500 Series Switch SSL Services Module Command Reference Command-Line Interface Commands for the CatalystSeries Switch SSL Services PrefaceConventions Conventionboldface font example, interface interface typeProduct Documentation DVD Obtaining DocumentationCisco.com Ordering Documentation Documentation FeedbackCisco Product Security Overview Reporting Security Problems in Cisco Products Obtaining Technical AssistanceCisco Technical Support & Documentation Website Emergencies - security-alert@cisco.comSubmitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information xiiiOL-9105-01 Catalyst 6500 Series Switch SSL Services Module Command ReferencePreface Obtaining Additional Publications and Information Command-Line Interface Getting Help, page How to Find Command Options, pageUnderstanding Command Modes, page Using the No and Default Forms of Commands, pagePurpose How to Find Command OptionsCommand Table 1-2 How to Find Command Options CommandComment Command Table 1-2 How to Find Command Options continuedssl-proxyconfig-if# channel-group 1 mode auto ? ssl-proxyconfig-if# channel-group 1 mode autoUnderstanding Command Modes Access Methodconfigure terminal privileged EXEC configure terminalUsing the No and Default Forms of Commands interface commandimage using the boot system flash filename with an interfaceUsing the CLI String Search Regular ExpressionsSingle-Character Patterns Character\$ \ \+ aeiouabcdABCD a-dA-DMultiple-Character Patterns Multiplierstelebit 3107 v32bis ba?bAlternation AnchoringA-Za-z0-9+ codex telebitParentheses for Recall 13001300$ 1300space space1300 1300, ,1300, 1300 ,1300 a.bc.\1\21-12 Chapter 1 Command-Line Interface Using the CLI String SearchCatalyst 6500 Series Switch SSL Services Module Command Reference OL-9105-01Commands for the Catalyst 6500 Series Switch SSL Services Module C H A P T E Rservice name DefaultsCommand Modes Command History clear ssl-proxy connclear ssl-proxy content clear ssl-proxy content all rewrite scanning module moduleDefaults Command Modes Command History This example shows how to clear all of the content statisticsclear ssl-proxy session Usage Guidelinesservice name Defaultsservice name Command Modesclear ssl-proxy stats ssl tcp urlCommand History Usage Guidelines Examples ReleaseModification context nameDefaults crypto pki export pemCommand Modes Command History ReleaseExamples crypto pki import pemDefaults Command History Command History crypto pki import pemSyntax Description Release2-10 151129.901 %SYS-5-CONFIGI Configured from console by consoleExamples crypto pki export pemcrypto pki export pkcs12 2-11Defaults Command Modes Command History Release2-12 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference ssl-proxyconfig# crypto pki export TP1 pkcs12 scp sky is bluecrypto pki import pkcs12 2-13Defaults Command Modes Command History2-14 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulefilename TP2? /users/admin-1/pkcs12/TP2.p12 Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key decrypt rsa crypto key decrypt write rsa name key-name passphrase passphrasepassphrase passphrase 2-15crypto key encrypt rsa crypto key encrypt write rsa name key-name passphrase passphrase2-16 Defaultscrypto key export rsa pem 2-17Defaults Command Modes Command History Syntax DescriptionThis example shows how to export a key from the SSL Services Module 2-18Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key import rsa pem 2-19Defaults Command Modes Command History Syntax Description2-20 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulessl-proxyconfig# crypto key import rsa newkeys pem url scp password Catalyst 6500 Series Switch SSL Services Module Command Referencecrypto key lock rsa crypto key lock rsa name key-name passphrase passphrase2-21 Defaults Command Modes Command Historycrypto key unlock rsa crypto key unlock rsa name key-name passphrase passphrase2-22 Defaults Command Modes Command Historycontent type debug ssl-proxypki type ssl type tcp type vlan fdu typeCommand History 2-24content type ReleaseExamples This example shows how to turn on App debugging2-25 Command Modes ReleaseModification Usage GuidelinesSyntax Description Defaults Command Modes Command History defaultinterface ssl-proxy Syntaxstandby group-number authentication text string delay minimum min-delaygroup-name preempt delayminimum priority priority redirects enableExamples 2-29Related Commands show interfaces ssl-proxy show ssl-proxy vlan natpool show ssl-proxy natpool2-30 DefaultsSyntax Description Defaults Command Modes policy health-probe tcppolicy health-probe tcp policy-name failed-interval is 60 seconds2-32 open-timeout secondsSyntax Description2-33 Related Commands show ssl-proxy policy show ssl-proxy servicepolicy http-header client-cert pemalias Field To Insert2-35 Field To InsertDescription ClientCert-Subject-CNField to insert 2-36Description Syntaxclient-ip-port prefixsession 2-372-38 Related Commands show ssl-proxy policytimeout session timeout absolute policy ssl2-39 DefaultsSSL Services Module This command was changed to add the following subcommandsThe policy ssl command entered in context subcommand mode replaces the ssl-proxy policy ssl command entered in global subcommand moderenegotiation volume size timeout handshake timeouthelp renegotiation interval time2-42 all-export-All export ciphers all-strong-All strong ciphers defaultExamples 2-43This example shows how to enter the SSL-policy configuration submode 2-44 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference policy sslpolicy tcp 2-45Defaults Command Modesdelayed-ack-threshold delay delayed-ack-timeout timerno timeout fin-wait timeout-in-seconds no timeout inactivity timeout-in-secondsno timeout reassembly time no tos carryover2-47 Syntax2-48 This example shows how to define the maximum size for the TCP segmentpolicy url-rewrite 2-49Defaults Command ModesExamples 2-50Enter the no form of the command to remove the policy pool ca 2-51Defaults Command Modes Command History defaultservice service client command2-52 Defaultsauthenticate verify all signature-only default certificate inservice nat serverinservice certificate rsa general-purpose trustpoint2-54 SyntaxDescription virtual policy ssl ssl-policy-name2-55 Related Commands show ssl-proxy serviceservice client policy health-probe tcp policy http-header2-56 Syntax Description Defaults Command Modesnat server client natpool-name virtual policy ssl ssl-policy-namevirtual policy tcp vlan vlanExamples 2-58Related Commands show ssl-proxy service show interfaces ssl-proxy show interfaces ssl-proxy 0.subinterface2-59 DefaultsThis command has no default settings show ssl-proxy buffersshow ssl-proxy buffers 2-60show ssl-proxy certificate-history service name show ssl-proxy certificate-history2-61 Defaults Command Modes Command History2-62 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference ExamplesRelated Commands service 2-63Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy conn service name context name module module show ssl-proxy connshow ssl-proxy conn module module 4tuple2-65 ReleaseModification context name2-66 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference ssl-proxy# show ssl-proxy conn service iis1show ssl-proxy context show ssl-proxy context name2-67 Defaultsshow ssl-proxy crash-info show ssl-proxy crash-info brief detailsbrief details2-69 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference show ssl-proxy crash-infoshow ssl-proxy mac address show ssl-proxy mac address2-70 Syntax Description Defaults Command Modes Command Historyshow ssl-proxy natpool show ssl-proxy natpool namecontext name2-71 Defaults Command Modes Command Historyshow ssl-proxy policy url-rewrite namehealth-probe tcp http-header2-73 Reassembly timeoutDisabled Delayed ACK timerssl-proxy# show ssl-proxy policy health-probe tcp tcp-health 2-74policy tcp policy url-rewrite show ssl-proxy service show ssl-proxy service namecontext name2-75 Defaults Command Modes Command History2-76 Related Commands serviceChapter 2 Commands for the Catalyst 6500 Series SSL Services Module show ssl-proxy servicecontent show ssl-proxy statsshow ssl-proxy stats type 2-772-78 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference Examples2-79 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Moduleshow ssl-proxy stats ssl-proxy# show ssl-proxy stats pki PKI Memory Usage Counters2-80 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulessl-proxy# show ssl-proxy stats context Context name Default Catalyst 6500 Series Switch SSL Services Module Command Reference2-81 Chapter 2 Commands for the Catalyst 6500 Series SSL Services Modulessl-proxy# show ssl-proxy stats content Catalyst 6500 Series Switch SSL Services Module Command Referenceshow ssl-proxy status show ssl-proxy status fdu ssl tcpSyntax Description Optional Displays the FDU status2-83 Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleCatalyst 6500 Series Switch SSL Services Module Command Reference show ssl-proxy statusshow ssl-proxy version show ssl-proxy version2-84 Syntax Description Defaults Command Modes Command HistoryRelated Commands show ssl-proxy vlanshow ssl-proxy vlan vlan-iddebugmodule module 2-85snmp-server enable Defaults Command Modes Command History Examplesinforms trapsssl-proxy context ssl-proxy context name no ssl-proxy context namePurpose and Guidelines description descriptionPurpose and Guidelines 2-88Command Defaultsssl-proxy crypto selftest ssl-proxy crypto selftest time-interval secondsno ssl-proxy crypto selftest time-intervalThis example shows how to configure a MAC address ssl-proxy mac addressssl-proxy mac address mac-addr 2-90no ssl-proxy pki authenticate cache certificate history authenticatetimeout seconds timeout minutesExamples 2-92Related Commands show ssl-proxy stats ssl-proxy crypto key unlock rsa ssl-proxy crypto key unlock rsa key-name passphrase passphrase2-93 Defaults Command Modes Command Historyssl-proxy ip-frag-ttl ssl-proxy ip-frag-ttl time2-94 Syntax Description Defaults Command Modesssl-proxy ssl ratelimit ssl-proxy ssl ratelimit no ssl-proxy ssl ratelimit2-95 Defaultsstandby authentication standby group-number authentication text stringno standby group-number authentication text string 2-96standby delay minimum reload standby delay minimum min-delay reload reload-delayno standby delay minimum min-delay reload reload-delay 2-97show standby delay 2-98Related Commands Chapter 2 Commands for the Catalyst 6500 Series SSL Services ModuleDefaults Command Modes Command History Usage Guidelines standby ip2-99 Syntax DescriptionExamples 2-100used by the hot standby group is learned using HSRP standby mac-address no standby group-number mac-addressAPPN 2-101Examples show standby2-102 standby mac-refresh standby mac-refresh seconds no standby mac-refresh2-103 Defaults Command Modes Command HistoryThis example shows how to specifiy the standby name as SanJoseHA standby namestandby name group-name no standby name group-name 2-104standby preempt 2-105Defaults Command Modes Command HistoryExamples 2-106ssl-proxy config-subif# standby preempt delay minimum standby priority no standby group-number priority priority2-107 Defaults Command Modes Command History2-108 Related CommandsChapter 2 Commands for the Catalyst 6500 Series SSL Services Module Catalyst 6500 Series Switch SSL Services Module Command Referenceenable disabletimers standby redirectsThis example shows how to allow HSRP to filter ICMP redirect messages Related Commands show standbyshow standby redirect 2-110standby timers 2-111Defaults Command Modes Command History2-112 timers 5standby timers msec 300 msec Examplesstandby track 2-113Defaults Command Modes Command History Syntax DescriptionRouter A Configuration Router B ConfigurationRelated Commands standby preempt 2-114standby use-bia standby use-bia scope interface no standby use-biascope interface 2-115This example shows how to configure HSRP version standby versionstandby version 1 Specifies HSRP versionAcronyms A P P E N D I X AAcronym ExpansionTable A-1 List of Acronyms continued AcronymExpansion Acronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionAcronym ExpansionCatalyst 6500 Series Switch SSL Services Module Command Reference AcronymExpansion Table A-1 List of Acronyms continuedA-10 Catalyst 6500 Series Switch SSL Services Module Command ReferenceAppendix A Acronyms OL-9105-01Acknowledgments for Open-Source Software A P P E N D I X BOL-9105-01 Catalyst 6500 Series Switch SSL Services Module Command ReferenceAppendix B Acronyms Symbols NumericsI N D E IN-1IN-2 secondary interface IN-3configuring IN-4 IN-5 IN-6 Catalyst 6500 Series Switch SSL Services Module Command ReferenceIndex OL-9105-01