Sslv2 keyword enables SSL version | Cisco Systems OL-7029-01

Chapter 3 Commands Specific to the Content Switching Module with SSL

ssl-proxy service client

Table 3-9	Proxy-client Configuration Submode Command Descriptions (continued)

Syntax		Description

nat {server client natpool-name}		Specifies the usage of either server NAT or client NAT for the server side
		connection that is opened by the Content Switching Module with SSL.

policy urlrewrite policy-name		Applies a URL rewrite policy to the proxy server.

server ipaddr ip-addrprotocol protocol		Defines the IP address of the target server for the proxy server. You can also
port portno [sslv2]		specify the port number and the transport protocol. The target IP address can
		be a virtual IP address of an SLB device or a real IP address of a web server.
		The sslv2 keyword enables SSL version 2.

server policy tcp		Applies a TCP policy to the server side of a proxy server. You can specify the
server-side-tcp-policy-name		port number and the transport protocol.

virtual {ipaddr ip-addr} {protocol		Defines the IP address of the target server for the proxy server. You can also
protocol} {port portno} [secondary]		specify the port number and the transport protocol. The target IP address can
		be a virtual IP address of an SLB device or a real IP address of a web server.
		The sslv2 keyword specifies the server that is used for handling SSL
		version 2 traffic.

virtual {policy ssl ssl-policy-name}		Applies an SSL policy with the client side of a proxy server.

virtual {policy tcp		Applies a TCP policy to the client side of a proxy server.
client-side-tcp-policy-name}

Both secured and bridge mode between the Content Switching Module (CSM) and the Content Switching Module with SSL is supported.

Use the secondary keyword (optional) for bridge-mode topology.

Examples

This example shows how to enter the client proxy-service configuration submode:

ssl-proxy (config)# ssl-proxy service S7 client

ssl-proxy (config-ssl-proxy)#

This example shows how to configure the certificate for the specified SSL-proxy services:

ssl-proxy(config-ssl-proxy)#certificate rsa general-purpose trustpoint tp1

ssl-proxy (config-ssl-proxy)#

These examples show how to set a specified command to its default value:

ssl-proxy (config-ssl-proxy)# default certificate ssl-proxy (config-ssl-proxy)# default inservice ssl-proxy (config-ssl-proxy)# default nat ssl-proxy (config-ssl-proxy)# default server ssl-proxy (config-ssl-proxy)# default virtual ssl-proxy (config-ssl-proxy)#

This example shows how to configure a virtual IP address for the specified virtual server:

ssl-proxy(config-ssl-proxy)#virtual ipaddr 207.59.100.20 protocol tcp port 443

ssl-proxy (config-ssl-proxy)#

This example shows how to configure the SSL policy for the specified virtual server:

ssl-proxy (config-ssl-proxy)# virtual policy ssl sslpl1 ssl-proxy (config-ssl-proxy)#

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

	OL-7029-01	3-71

Cisco Systems OL-7029-01 manual Applies a URL rewrite policy to the proxy server

Models: OL-7029-01

Syntax

nat {server client natpool-name}

policy urlrewrite policy-name

Applies a URL rewrite policy to the proxy server.

server ipaddr ip-addrprotocol protocol

port portno [sslv2]

The sslv2 keyword enables SSL version 2.

server policy tcp

virtual {ipaddr ip-addr} {protocol

protocol} {port portno} [secondary]

virtual {policy ssl ssl-policy-name}

virtual {policy tcp

client-side-tcp-policy-name}

Examples

ssl-proxy (config)# ssl-proxy service S7 client

ssl-proxy (config-ssl-proxy)#

ssl-proxy (config-ssl-proxy)#

ssl-proxy (config-ssl-proxy)#