Table of Contents
Advertisement
Use with the CSS
Table B-3
One-Armed Transparent Proxy Installation Device Configuration
CSS Configuration
Create a VLAN for each Secure Content
•
Accelerator to be load balanced
Create a VLAN for the upstream router
•
•
Create a separate VLAN for the servers
•
Create a default route with the upstream
router as the gateway
•
Create a default route with each Secure
Content Accelerator as a gateway
Define a static route for each management
•
workstation not connected to a directly
attached subnet
•
Define a service for each Secure Content
Accelerator with its IP address, ensuring that
the type is "transparent" and that "no
cache-bypass" is configured
•
Create services as required for each server
(adding "keepalive" attributes as necessary)
•
Create Layer 4 content rules to balance the
Secure Content Accelerator devices; you may
use "advanced-balance ssl" and "application
ssl" to assist with SSL V.3 key reuse
Create Layer 5 rules for secure content
•
•
Create content rules as required for
non-secure content
•
Define ACLs and upstream router service to
ensure proper routing of traffic not terminated
on the CSS
Cisco 11000 Series Secure Content Accelerator Configuration Guide
B-22
Appendix B
Secure Content Accelerator Configuration
Export keys and certificates from any existing
•
secure servers, if necessary
Assign an IP address to each Secure Content
•
Accelerator as specified in the CSS
configuration
•
Assign a default route for each Secure
Content Accelerator using the CSS VLAN
circuit IP address as the gateway
Set up one or more logical secure servers
•
using QuickStart wizard (Chapter 3) or
configuration manager (Chapter 4)
Set up single-port operation using the mode
•
one-port command (Appendix C)
Deployment Examples
78-13124-06
Advertisement
Table of Contents
Troubleshooting
