Catalyst 6500 Series Switch SSL Services Module Command Reference
Chapter 2: Commands for the Catalyst 6500 Series SSL Services Module

policy health-probe tcp

Table 2-2 TCP Health Probe Submode Command Descriptions (continued)

open-timeout seconds
    (Optional) Allows you to set the maximum time to wait to establish a TCP connection. The default is 80 seconds. The valid range is from 70 to 120

port port_number
    (Optional) Allows you to configure an optional port for the health probe. Valid values are from 1 to 65535.
    By default, the TCP health probe uses the server IP address and port for the SSL server proxy service. Enter the port command to specify a different port for the health probe.
    If you configured the SSL server proxy service with no nat server, the TCP health probe uses the virtual IP address that you configured on the SSL server proxy service instead of the server IP address.
    TCP health probe is not supported when you configure a wildcard proxy and no nat server on the SSL server proxy service.
    See the "service" section on page 2-52 for information on configuring the SSL server proxy service.

This example shows how to configure a TCP health probe to check whether the service at port 80 on the server IP address is up and running:

ssl-proxy(config)# ssl-proxy context ssl
ssl-proxy(config-context)# service ssl-1
ssl-proxy(config-ctx-ssl-proxy)# virtual ipaddr protocol tcp port 443
ssl-proxy(config-ctx-ssl-proxy)# server ipaddr protocol tcp port 80
ssl-proxy(config-ctx-ssl-proxy)# certificate rsa general-purpose trustpoint cert1024
ssl-proxy(config-ctx-ssl-proxy)# policy health-probe tcp probe1
ssl-proxy(config-ctx-ssl-proxy)# inservice
ssl-proxy(config-ctx-ssl-proxy)# exit
ssl-proxy(config-context)# policy health-probe tcp probe1
ssl-proxy(config-ctx-tcp-probe)# end

This example shows the state of the SSL proxy service when the health probe has failed. The proxy service is down until the service at port 81 is up and running again:

ssl-proxy# show ssl-proxy service ssl-1 context ssl
Service id: 0, bound_service_id: 256
Virtual IP:, port: 443
Server IP:, port: 81
TCP Health Probe Policy: probe1
rsa-general-purpose certificate trustpoint: cert1024
Certificate chain for new connections:
Key Label: cert1024.key, 1024-bit, exportable
Key Timestamp: 05:18:23 UTC Dec 30 2005
Serial Number: 12F332E200000000000D
Root CA Certificate:
Serial Number: 6522F512C30E078447D8AFC35567B101
Certificate chain complete
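
The probe limits and target-selection rules described for open-timeout and port, modeled as an added Python example (not Cisco code and not part of the original reference). The class and field names, the 192.0.2.x addresses, and keeping the same port choice when no nat server is configured are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class ProxyService:                 # hypothetical model of an SSL server proxy service
    virtual_ip: str
    server_ip: str
    server_port: int
    nat_server: bool = True         # False models "no nat server"
    wildcard: bool = False          # True models a wildcard proxy

@dataclass
class TcpProbe:                     # hypothetical model of "policy health-probe tcp"
    port: Optional[int] = None      # "port port_number": 1 to 65535, optional
    open_timeout: int = 80          # "open-timeout seconds": 70 to 120, default 80

    def validate(self) -> None:
        if not 70 <= self.open_timeout <= 120:
            raise ValueError("open-timeout must be from 70 to 120 seconds")
        if self.port is not None and not 1 <= self.port <= 65535:
            raise ValueError("port must be from 1 to 65535")

def probe_target(svc: ProxyService, probe: TcpProbe) -> Tuple[str, int]:
    """Return the (ip, port) the probe connects to, following the rules above."""
    probe.validate()
    if svc.wildcard and not svc.nat_server:
        raise ValueError("TCP health probe not supported: wildcard proxy with no nat server")
    # With "no nat server" the probe goes to the virtual IP instead of the server IP.
    ip = svc.server_ip if svc.nat_server else svc.virtual_ip
    # Assumption: the port choice is the same in both modes (probe port, else server port).
    return ip, probe.port if probe.port is not None else svc.server_port

def run_probe(svc: ProxyService, probe: TcpProbe, timeout: Optional[float] = None) -> bool:
    """True if a TCP connection opens in time; timeout overrides open-timeout for quick checks."""
    ip, port = probe_target(svc, probe)
    try:
        with socket.create_connection((ip, port), timeout=timeout or probe.open_timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    svc = ProxyService("192.0.2.10", "192.0.2.20", 80)   # constructed addresses
    print(probe_target(svc, TcpProbe()))                 # default: server IP and port
    print(probe_target(svc, TcpProbe(port=8080)))        # probe port overrides
```

Running run_probe from a management host against the real server address and port gives an independent check of backend reachability when the module reports a failed health probe.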


