Cisco Systems OL-7029-01

3-71

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Chapter3 Commands Specific to the Cont ent Switching Module with SSL

ssl-proxy service client

Both secured and bridge mode between the Content Switching Module (CSM) and the Content

Switching Module with SSL is supported.

Use the secondary keyword (optional) for bridge-mode topology.

Examples This example shows how to enter the client proxy-service configuration submode:

ssl-proxy (config)# ssl-proxy service S7 client

ssl-proxy (config-ssl-proxy)#

This example shows how to configure the certificate for the specified SSL-proxy services:

ssl-proxy (config-ssl-proxy)# certificate rsa general-purpose trustpoint tp1

ssl-proxy (config-ssl-proxy)#

These examples show how to set a specified command to its default value:

ssl-proxy (config-ssl-proxy)# default certificate

ssl-proxy (config-ssl-proxy)# default inservice

ssl-proxy (config-ssl-proxy)# default nat

ssl-proxy (config-ssl-proxy)# default server

ssl-proxy (config-ssl-proxy)# default virtual

ssl-proxy (config-ssl-proxy)#

This example shows how to configure a virtual IP address for the specified v irtual server:

ssl-proxy (config-ssl-proxy)# virtual ipaddr 207.59.100.20 protocol tcp port 443

ssl-proxy (config-ssl-proxy)#

This example shows how to configure the SSL policy for the specified virtual server:

ssl-proxy (config-ssl-proxy)# virtual policy ssl sslpl1

ssl-proxy (config-ssl-proxy)#

nat {server | client natpool-name} Specifies the usage of either server NAT or client NAT for the server side

connection that is opened by the Content Switching Module with SSL.

policy urlrewrite policy-name Applies a URL rewrite policy to the proxy server.

server ipaddr ip-addr protocol protocol

port portno [sslv2]

Defines the IP address of the target server for the proxy server. You can also

specify the port number and the transport protocol. The target IP address can

be a virtual IP address of an SLB device or a real IP address of a web server.

The sslv2 keyword enables SSL version 2.

server policy tcp

server-side-tcp-policy-name

Applies a TCP policy to the server side of a proxy server. You can specify the

port number and the transport protocol.

virtual {ipaddr ip-addr} {protocol

protocol} {port portno} [secondary]

Defines the IP address of the target server for the proxy server. You can also

specify the port number and the transport protocol. The target IP address can

be a virtual IP address of an SLB device or a real IP address of a web server.

The sslv2 keyword specifies the server that is used for handling SSL

version 2 traffic.

virtual {policy ssl ssl-policy-name} Applies an SSL policy with the client side of a proxy server.

virtual {policy tcp

client-side-tcp-policy-name}

Applies a TCP policy to the client side of a proxy server.

Table3-9 Proxy-client Configuration Submode Command Descriptions (continued)

Syntax Description