Appendix B Deployment Examples
Use with the CSS
B-12
Cisco 11000 Series Secure Content Accelerator Configuration Guide
78-13124-06
Below is a sample configuration for the CSS.
!Generated on 11/18/2000 17:38:37
!Active version: ap0400007s
configure
!*************************** GLOBAL ***************************
bridge spanning-tree disabled
ip route 0.0.0.0 0.0.0.0 10.100.1.1 1
Table B-2 One-Armed Non-Transparent Proxy Installation Device Configuration

CSS Configuration
• Create a VLAN for the upstream router
• Create one VLAN for all connected Secure Content Accelerator devices
• Create a separate VLAN for the servers
• Create a service for each Secure Content Accelerator IP address and destination port pair
• Create services as required for each server (adding “keepalive” attributes as necessary)
• Create a default route to the upstream router
• Create Layer 4 rules for each incoming VIP and add appropriate Secure Content Accelerator services
• Create Layer 5 rules for the secure content
• Create content rules as required for non-secure content

Secure Content Accelerator Configuration
• Export keys and certificates from any existing secure servers, if necessary
• Assign an IP address to each Secure Content Accelerator as specified in the CSS configuration
• Assign a default route for each Secure Content Accelerator using the CSS VLAN circuit IP address as the gateway
• Set up one or more logical secure servers using the QuickStart wizard (Chapter 3) or configuration manager (Chapter 4)
• Set up single-port operation using the mode one-port command (Appendix C)
• If client IP accounting is necessary, use the log-url command to specify the host for writing the access log