B-11
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
Appendix B Deployment Examples
Use with the CSS
Figure B-4
Secure Content Accelerator One-Armed Non-Transparent Proxy
Installation
In this deployment the CSS is configured with both Layer 4 and Layer 5 rules. For
each VIP configured on the CSS for services terminating on the Secure Content
Accelerator, a service must be defined for the Secure Content Accelerator devices,
each with a different destination port definition.
The Secure Content Accelerator does not use the IP address to ensure traffic is
sent to the correct server because the CSS changes the destination IP address to
that of the Secure Content Accelerator. The Secure Content Accelerator is
configured only at Layer 4. This configuration requires setting multiple
destination IP/destination port pairs on the Secure Content Accelerator. Bridge
loops are not created because all port 443 traffic terminates on Secure Content
Accelerator devices each connected to the CSS via a single port. Table B-2 shows
basic configuration actions for both the CSS and Secure Content Accelerator.