Configuring Real and Virtual Servers for SSL Termination Mode – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide


53-1003250-01

Configuring Real and Virtual Servers for SSL Termination Mode

When configuring a Brocade Virtual ADX for SSL Termination mode, the real and virtual servers
need to be configured to support these features. The following sections describe the procedures
and commands required. For a description of SSL Termination Mode, see “SSL Termination Mode”
on page 99. For a detailed example of how to configure the SSL Termination Mode, see
“Configuration examples for SSL Termination Mode” on page 134.

NOTE

SSL Termination mode can be configured for setups where an IPv4 real server is bound to an IPv4
virtual server or where an IPv6 real server is bound to an IPv6 virtual server. It is not supported for
setups that use IPv4 and IPv6 together in the same configuration because the IPv4 to IPv6 gateway
(SLB 446 prefix) does not support SSL. Do not bind an SSL port of an IPv6 real server to an SSL port
of an IPv4 virtual server.

NOTE

Do not configure a 664 VIP to an SSL termination configuration. The connections will fail.

Configuring real and virtual servers for SSL Termination Mode

Real and virtual server configuration is described in detail in the Brocade Virtual ADX Server Load
Balancing Guide. When configuring a real or virtual server for SSL Termination Mode, you need to
do the following:

• Configure a real server with an HTTP port
• Configure a virtual server with an SSL port
• Enable SSL termination and specify an SSL profile on the SSL port of the virtual server
• Bind SSL on the virtual server to an HTTP port on a real server

For IPv4 real server to IPv4 virtual server

In the example below, an IPv4 real server and an IPv4 virtual server are configured for SSL
Termination mode with the following details:

• An HTTP port is defined on the real server rs1.
• An SSL port is defined on the virtual server vip1.
• SSL Termination is enabled and the SSL profile myprofile is specified on the virtual server vip1.
• A bind is configured between SSL on virtual server vip1 and HTTP on real server rs1.

Virtual ADX(config)#server real rs1 10.1.1.1
Virtual ADX(config-rs-rs1)#port http
Virtual ADX(config-rs-rs1)#exit
Virtual ADX(config)#server virtual-name-or-ip vip1
Virtual ADX(config-vs-vip1)#port ssl
Virtual ADX(config-vs-vip1)#port ssl ssl-terminate myprofile
Virtual ADX(config-vs-vip1)#bind ssl rs1 http
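An added example, not from the Brocade manual: a Python check that reads the commands above, with or without prompts, and flags an ssl-to-http bind that lacks an ssl-terminate profile, targets a real server with no HTTP port, or mixes IPv4 and IPv6 as the NOTE forbids. The names audit, family, rs6 and vip2, and the optional address after the virtual server name, are assumptions.

```python
import ipaddress

# Constructed sample: the page's IPv4 commands with prompts, then an assumed
# IPv6 real server (rs6) and a VIP (vip2) with an assumed optional address.
SAMPLE = """\
Virtual ADX(config)#server real rs1 10.1.1.1
Virtual ADX(config-rs-rs1)#port http
Virtual ADX(config-rs-rs1)#exit
Virtual ADX(config)#server virtual-name-or-ip vip1
Virtual ADX(config-vs-vip1)#port ssl
Virtual ADX(config-vs-vip1)#port ssl ssl-terminate myprofile
Virtual ADX(config-vs-vip1)#bind ssl rs1 http
server real rs6 2001:db8::10
port http
server virtual-name-or-ip vip2 10.1.1.101
port ssl
bind ssl rs6 http
"""

def family(addr):
    return ipaddress.ip_address(addr).version  # 4 or 6

def audit(transcript):
    """Return findings for ssl -> http binds in a CLI transcript."""
    reals, vips, cur = {}, {}, None
    for line in transcript.splitlines():
        tok = line.split("#", 1)[-1].split()  # drop the prompt, if any
        if tok[:2] == ["server", "real"] and len(tok) == 4:
            cur = reals[tok[2]] = {"ip": tok[3], "ports": set()}
        elif tok[:2] == ["server", "virtual-name-or-ip"] and len(tok) >= 3:
            cur = vips[tok[2]] = {"ip": (tok[3:] or [None])[0], "profile": None, "binds": []}
        elif not tok or cur is None:
            continue
        elif tok[0] == "port" and len(tok) == 2 and "ports" in cur:
            cur["ports"].add(tok[1])  # port defined on a real server
        elif tok[:3] == ["port", "ssl", "ssl-terminate"] and len(tok) == 4 and "binds" in cur:
            cur["profile"] = tok[3]
        elif len(tok) == 4 and tok[0] == "bind" and tok[1::2] == ["ssl", "http"] and "binds" in cur:
            cur["binds"].append(tok[2])  # only the termination-shaped bind is tracked
    findings = []
    for name, vip in vips.items():
        for rs in vip["binds"]:
            if vip["profile"] is None:
                findings.append(f"{name}: ssl bound to http without ssl-terminate")
            if rs not in reals or "http" not in reals[rs]["ports"]:
                findings.append(f"{name}: real server {rs} has no http port")
            elif vip["ip"] and family(vip["ip"]) != family(reals[rs]["ip"]):
                findings.append(f"{name}: IPv{family(vip['ip'])} VIP bound to IPv{family(reals[rs]['ip'])} real server {rs}")
    return findings
```

The address-family check is skipped for a virtual server whose address is not present in the input, as with vip1 in the page's commands.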

For IPv6 real server to IPv6 virtual server

In the example below, an IPv6 real server and an IPv6 virtual server are configured for SSL
Termination mode with the following details:

• An HTTP port is defined on the real server rs2.
