Cisco Catalyst 6500 Series Command Reference Manual page 58

Ssl services module command reference

Hide thumbs Also See for Catalyst 6500 Series:

Software configuration manual (570 pages)

Configuration manual (392 pages)

Configuration note (212 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

page of 160

/ 160
Contents
Table of Contents
Bookmarks

Table of Contents

policy health-probe tcp

Table 2-2

TCP Health Probe Submode Command Descriptions (continued)

Syntax

open-timeout seconds

port port_number

Examples

This example shows how to configure TCP health probe to check whether service at port 80 is up and

running on server IP address 19.0.0.1:

ssl-proxy(config)# ssl-proxy context ssl

ssl-proxy(config-context)# service ssl-1

ssl-proxy(config-ctx-ssl-proxy)# virtual ipddr 7.100.100.180 protocol tcp port 443

ssl-proxy(config-ctx-ssl-proxy)# server ipaddr 19.0.0.1 protocol tcp port 80

ssl-proxy(config-ctx-ssl-proxy)# certificate rsa general-purpose trustpoint cert1024

ssl-proxy(config-ctx-ssl-proxy)# policy health-probe tcp probe1

ssl-proxy(config-ctx-ssl-proxy)# inservice

ssl-proxy(config-ctx-ssl-proxy)# exit

ssl-proxy(config-context)# policy health-probe tcp probe1

ssl-proxy(config-ctx-tcp-probe)# end

ssl-proxy#

This example shows the state of the SSL proxy service when the health probe has failed:

Note

The proxy service is down until service at port 81 is up and running again.

ssl-proxy# show ssl-proxy service ssl-1 context ssl

Service id: 0, bound_service_id: 256

Virtual IP: 7.100.100.180, port: 443

Server IP: 19.0.0.1, port: 81

TCP Health Probe Policy: probe1

rsa-general-purpose certificate trustpoint: cert1024

Certificate chain for new connections:

Certificate chain complete

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-32

Description

(Optional) Allows you to set the maximum time to wait to establish a TCP

connection. The default is 80 seconds. The valid range is from 70 to 120

seconds.

(Optional) Allows you to configure an optional port for the health probe.

Valid values are from 1 to 65535.

By default, the TCP health probe uses the server IP address and port for

the SSL server proxy service. Enter the port command to specify a

different port for the health probe.

If you configured the SSL server proxy service with no nat server, the

TCP health probe uses the virtual IP address that you configured on the

SSL server proxy service instead of the server IP address.

Note

See the

SSL server proxy service.

Certificate:

Key Label: cert1024.key, 1024-bit, exportable

Key Timestamp: 05:18:23 UTC Dec 30 2005

Serial Number: 12F332E200000000000D

Root CA Certificate:

Serial Number: 6522F512C30E078447D8AFC35567B101

Chapter 2

Commands for the Catalyst 6500 Series SSL Services Module

TCP health probe is not supported when you configure a wildcard

proxy and no nat server on the SSL server proxy service.

"service" section on page 2-52

for information on configuring the

OL-9105-01

Table of Contents

Cisco Catalyst 6500 Series Command Reference Manual page 58

Related Manuals for Cisco Catalyst 6500 Series

Related Products for Cisco Catalyst 6500 Series

Table of Contents