Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

webvpn gateway

Table 2-9 Virtual Gateway Submode Commands (continued)

Command: ip address ip-addr [netmask] [port port] [secondary]
Purpose and Guidelines: Defines the virtual IP address for which the WebVPN Services Module is the proxy.
  port port—(Optional) Specifies the port number for which the WebVPN Services Module is the proxy; valid values are from 1 to 65535.
  secondary—(Optional) Configures the gateway as the secondary IP. The secondary keyword is required if the virtual IP address is not on a network with a direct connection.
Defaults: port is 443.

Command: policy tcp tcp-policy-name
         no policy tcp
Purpose and Guidelines: (Optional) Specifies the TCP policy to use. Use the no form of this command to return to the default policy.
Defaults: (none listed)

Command: policy ssl ssl-policy-name
         no policy ssl
Purpose and Guidelines: (Optional) Specifies the SSL policy to use. Use the no form of this command to return to the default policy.
Defaults: (none listed)

Command: ssl trustpoint trustpoint-label
Purpose and Guidelines: Applies a trustpoint configuration to the WebVPN gateway. You can import the test certificate embedded on the module.
  Note: The trustpoint defines the certificate authority server, the key parameters and key-generation methods, and the certificate enrollment methods for the WebVPN gateway.
Defaults: (none listed)

To configure the mask address to specify a wildcard proxy service, use the ip address ip-addr command and follow these guidelines:

You must enter the secondary keyword to configure a wildcard proxy service.

When you enter the secondary keyword, the WebVPN Services Module does not respond to ARP requests for the virtual IP address.

You can enter the secondary keyword when the WebVPN Services Module is used in a standalone configuration or when the WebVPN Services Module is used as a real server on a load balancer (such as the CSM) configured in dispatch mode (MAC address rewrite).

You can enter the secondary keyword if you configure multiple devices using the same virtual IP address. The virtual IP address can be any legal IP address and does not have to be in the VLAN (subnet) connected to the WebVPN Services Module.

If you create a policy by entering the webvpn policy tcp command without specifying any parameters, the policy is created using the default values.

If the key (modulus) size is other than 512, 768, 1024, 1536, or 2048, you will receive an error and the trustpoint configuration is not applied. Replace the key by generating a key (using the same key-label) with a supported modulus size, then reenter the name of the gateway that is used in the URL and the cookie mangling process using the gateway-name gateway-name command.
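As an added example that is not part of the command reference, the following configuration puts the Table 2-9 submode commands together for a wildcard (secondary) proxy service on a virtual IP address that is not on a directly connected subnet. The gateway name, policy name, trustpoint label, key label, IP address, and the crypto key, crypto ca trustpoint, and inservice commands are assumptions; the ip address, policy tcp, ssl trustpoint, and webvpn policy tcp syntax is as documented above.

```cisco
! Added example, not from the command reference. Names and addresses are placeholders.
!
! Generate the RSA key with a supported modulus before the trustpoint is applied;
! any modulus other than 512, 768, 1024, 1536, or 2048 makes the ssl trustpoint
! command fail (the crypto key and crypto ca trustpoint forms are assumed here).
crypto key generate rsa general-keys label webvpn-key modulus 1024
!
crypto ca trustpoint webvpn-tp
 rsakeypair webvpn-key
!
! A TCP policy created without parameters takes the default values.
webvpn policy tcp TCP-DEFAULT
 exit
!
webvpn gateway VG-WILDCARD
 ! Virtual IP is not on a directly connected network, so secondary is mandatory;
 ! with secondary set the module does not answer ARP for 192.0.2.25, and the
 ! upstream device (for example a CSM in dispatch mode) must deliver the traffic.
 ip address 192.0.2.25 255.255.255.255 port 443 secondary
 policy tcp TCP-DEFAULT
 ! No policy ssl line: the default SSL policy applies.
 ssl trustpoint webvpn-tp
 inservice
```

If the trustpoint is rejected because of the modulus size, regenerate the key under the same label (webvpn-key above) with a supported size and reenter the ssl trustpoint line; the gateway keeps the rest of its configuration.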

 

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

2-102

OL-7310-01
