Configuring ssl termination mode, Configuration examples for ssl, Termination and proxy modes 176 – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 190

Advertising

176

ServerIron ADX Security Guide

53-1002440-03

Configuration Examples for SSL Termination and Proxy Modes

This section describes the procedures required to perform the configurations described in

on page 138. As shown in the examples

there, SSL Termination mode provides for an SSL connection between clients to the ServerIron
ADX. When configuring SSL Proxy Mode a configuration is created between the ServerIron ADX and
the server. In this case, the ServerIron ADX is configured as a client to the server.

Configuring SSL Termination Mode

In this mode, for enabling VRRPE for VIP address, it is necessary to use a different source-nat-ip for
ssl traffic.

For performing this function, use the following syntax:

Syntax: server source-nat-ip <ip> <mask> <gateway> port-range <range>

To configure SSL in the termination mode, perform the following tasks in sequence:

1. Generate or obtain an RSA key pair and copy it to the ServerIron ADX

2. Obtain a digital certificate and copy it to the ServerIron ADX

3. Create an SSL profile as described in

“Allowing Self Signed Certificates”

on page 169

4. Within the SSL profile specify a keypair file as described in

“Specifying a keypair file”