Configuration Guide
Page 42
...Chapter 1 Overview Product Overview The Secure Content Accelerator is compatible with all Cisco content switches-the Cisco LocalDirector, the Catalyst Content Switching Module, and the Cisco CSS 11000 Series Content Services Switches. Simply load your key and certificate to a week for ...• Netscape International Step-Up Certificate and Microsoft Server Gated Cryptography support Cisco 11000 Series Secure Content Accelerator Configuration Guide 1-2 78-13124-06 The Cisco 11000 Series Secure Content Accelerator is a Secure Sockets Layer (SSL) offloading ...
...Chapter 1 Overview Product Overview The Secure Content Accelerator is compatible with all Cisco content switches-the Cisco LocalDirector, the Catalyst Content Switching Module, and the Cisco CSS 11000 Series Content Services Switches. Simply load your key and certificate to a week for ...• Netscape International Step-Up Certificate and Microsoft Server Gated Cryptography support Cisco 11000 Series Secure Content Accelerator Configuration Guide 1-2 78-13124-06 The Cisco 11000 Series Secure Content Accelerator is a Secure Sockets Layer (SSL) offloading ...
Configuration Guide
Page 47
...on a system that has an on a flat surface as a: • Free-standing unit • Rack-mounted unit 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-3 Operating the unit without the safety cover installed. The following sections describe the steps to the Secure ... unit has more than one power cord. To reduce the risk of the product. The Secure Content Accelerator can be placed on /off switch, turn OFF the power and unplug the power cord. Chapter 2 Installing the Hardware and Software Unpacking the Secure Content Accelerator Unpacking the Secure...
...on a system that has an on a flat surface as a: • Free-standing unit • Rack-mounted unit 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-3 Operating the unit without the safety cover installed. The following sections describe the steps to the Secure ... unit has more than one power cord. To reduce the risk of the product. The Secure Content Accelerator can be placed on /off switch, turn OFF the power and unplug the power cord. Chapter 2 Installing the Hardware and Software Unpacking the Secure Content Accelerator Unpacking the Secure...
Configuration Guide
Page 49
...that the system remains stable. Use the appropriate screwdriver and screws to secure each mounting bracket to the installation height. The following connectors, switches, and LEDs: • Two DB9 serial ports, marked "AUX" and "CONSOLE" • Two RJ-45 10/100 Ethernet interface ...ports, marked "SERVER" and "NETWORK" 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-5 Position the Secure Content Accelerator with the Secure Content Accelerator, a #2 Phillips screwdriver, rack-mounting ...
...that the system remains stable. Use the appropriate screwdriver and screws to secure each mounting bracket to the installation height. The following connectors, switches, and LEDs: • Two DB9 serial ports, marked "AUX" and "CONSOLE" • Two RJ-45 10/100 Ethernet interface ...ports, marked "SERVER" and "NETWORK" 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-5 Position the Secure Content Accelerator with the Secure Content Accelerator, a #2 Phillips screwdriver, rack-mounting ...
Configuration Guide
Page 50
Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-6 78-13124-06 Panel Descriptions Chapter 2 Installing the Hardware and Software • Three Ethernet management LEDs associated with each port • One "TEST" LED • One "RESET" switch Figure 2-1 Secure Content Accelerator Front ...Panel The rear panel of the Secure Content Accelerator, shown in Figure 2-2, contains the following connectors and switches: • Two power inputs • Two power switches Figure 2-2 Secure Content Accelerator Rear Panel Figure 2-3 shows the LED layout of each LED on the SCA...
Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-6 78-13124-06 Panel Descriptions Chapter 2 Installing the Hardware and Software • Three Ethernet management LEDs associated with each port • One "TEST" LED • One "RESET" switch Figure 2-1 Secure Content Accelerator Front ...Panel The rear panel of the Secure Content Accelerator, shown in Figure 2-2, contains the following connectors and switches: • Two power inputs • Two power switches Figure 2-2 Secure Content Accelerator Rear Panel Figure 2-3 shows the LED layout of each LED on the SCA...
Configuration Guide
Page 51
...Table 2-2 describes the function of the SCA2 Ethernet ports. Chapter 2 Installing the Hardware and Software Figure 2-3 SCA Ethernet Port Detail Reset Switch Test LED Panel Descriptions 100 ACT LNK Server 100 ACT LNK Network Table 2-1 SCA Port LED Descriptions LED Name LK Color Green TX Amber... are successful Self-diagnostics are running Figure 2-4 shows the LED layout of each LED on the device. Figure 2-4 SCA2 Ethernet Port Detail Reset Switch Test LED 100 ACT LNK Server 100 ACT LNK Network 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-7
...Table 2-2 describes the function of the SCA2 Ethernet ports. Chapter 2 Installing the Hardware and Software Figure 2-3 SCA Ethernet Port Detail Reset Switch Test LED Panel Descriptions 100 ACT LNK Server 100 ACT LNK Network Table 2-1 SCA Port LED Descriptions LED Name LK Color Green TX Amber... are successful Self-diagnostics are running Figure 2-4 shows the LED layout of each LED on the device. Figure 2-4 SCA2 Ethernet Port Detail Reset Switch Test LED 100 ACT LNK Server 100 ACT LNK Network 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-7
Configuration Guide
Page 52
...the power receptacle at the rear panel. 3. Ensure that you install the power cords, ensure that the Secure Content Accelerator power switches are running Identifying SCA Models SCA and SCA2 models can be differentiated by the text on ) position. Note Connect the power ...supplies to different circuits to the 1 (on the product label. Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-8 78-13124-06 Switch the power switches to further ensure appliance availability. Attach the power cables to the Secure Content Accelerator by dual AC...
...the power receptacle at the rear panel. 3. Ensure that you install the power cords, ensure that the Secure Content Accelerator power switches are running Identifying SCA Models SCA and SCA2 models can be differentiated by the text on ) position. Note Connect the power ...supplies to different circuits to the 1 (on the product label. Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-8 78-13124-06 Switch the power switches to further ensure appliance availability. Attach the power cables to the Secure Content Accelerator by dual AC...
Configuration Guide
Page 53
..., for connection viability. Caution If you are using the appliance in two-port mode, you must connect the cables to a hub or switch. Connect the "Network" port to a NIC. 1. If one or both client requests and server traffic travel through cable to connect...connectors. Use a crossover cable to connect the Secure Content Accelerator to the Internet. 2. Check the LK LEDs for suggestions. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-9 Connect the "Server" port to the servers (or to Ethernet. Use a straight-through the ...
..., for connection viability. Caution If you are using the appliance in two-port mode, you must connect the cables to a hub or switch. Connect the "Network" port to a NIC. 1. If one or both client requests and server traffic travel through cable to connect...connectors. Use a crossover cable to connect the Secure Content Accelerator to the Internet. 2. Check the LK LEDs for suggestions. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 2-9 Connect the "Server" port to the servers (or to Ethernet. Use a straight-through the ...
Configuration Guide
Page 109
... to activate the Network tabs. 2. Example: Configuring an Ethernet Interface 1. Use the list box in Figure 5-5. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 5-9 If the connection is shown in the Network Interface or Server Interface panel of the ...Settings tab to check the device configuration and try again. If you that the connection switches to a different subnet, redirection might not occur. Click Network to the device. Chapter 5 Graphical User Interface Reference General Configuration Examples...
... to activate the Network tabs. 2. Example: Configuring an Ethernet Interface 1. Use the list box in Figure 5-5. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide 5-9 If the connection is shown in the Network Interface or Server Interface panel of the ...Settings tab to check the device configuration and try again. If you that the connection switches to a different subnet, redirection might not occur. Click Network to the device. Chapter 5 Graphical User Interface Reference General Configuration Examples...
Configuration Guide
Page 165
Connect the "Network" Ethernet interface to as instructed previously. 2. Install the appliance as the CSS), see "Use with the CSS". 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide B-3 For information about configuring the Secure Content Accelerator in conjunction with a Load Balancer 1. Connect the "Server" Ethernet interface to the load balancer. Appendix B Deployment Examples Load Balancing Figure B-2 Secure Content Accelerator Installation with the CSS 11000 Series Content Services Switch (hereinafter referred to the Internet.
Connect the "Network" Ethernet interface to as instructed previously. 2. Install the appliance as the CSS), see "Use with the CSS". 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide B-3 For information about configuring the Secure Content Accelerator in conjunction with a Load Balancer 1. Connect the "Server" Ethernet interface to the load balancer. Appendix B Deployment Examples Load Balancing Figure B-2 Secure Content Accelerator Installation with the CSS 11000 Series Content Services Switch (hereinafter referred to the Internet.
Configuration Guide
Page 167
... devices are not created. The Secure Content Accelerator intercepts all port 443 traffic for both the CSS and Secure Content Accelerator. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide B-5 Table B-1 shows basic configuration actions for the IP addresses configured on it, decrypts the... B-3 Secure Content Accelerator In-Line Installation The CSS is used , each must be attached to a separate VLAN on the CSS and/or the upstream Layer 2 switch.
... devices are not created. The Secure Content Accelerator intercepts all port 443 traffic for both the CSS and Secure Content Accelerator. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide B-5 Table B-1 shows basic configuration actions for the IP addresses configured on it, decrypts the... B-3 Secure Content Accelerator In-Line Installation The CSS is used , each must be attached to a separate VLAN on the CSS and/or the upstream Layer 2 switch.
Configuration Guide
Page 172
B-10 Cisco 11000 Series Secure Content Accelerator Configuration Guide 78-13124-06 The one-armed non-transparent proxy deployment is required, use the command log-url when ... maxfailure 3 no keepalive enable end end One-Armed Non-Transparent Proxy This deployment uses a single CSS for load balancing SSL offloading and Layer 5 switching, allowing load balancing at up to a specific host. If IP address accounting is complex to configure, but it provides a high degree of...
B-10 Cisco 11000 Series Secure Content Accelerator Configuration Guide 78-13124-06 The one-armed non-transparent proxy deployment is required, use the command log-url when ... maxfailure 3 no keepalive enable end end One-Armed Non-Transparent Proxy This deployment uses a single CSS for load balancing SSL offloading and Layer 5 switching, allowing load balancing at up to a specific host. If IP address accounting is complex to configure, but it provides a high degree of...
Configuration Guide
Page 193
... address translation from traditional transparent proxy mode wherein the differentiation between offloaders and some models of load-balancing and content-switching gear. If a logical SSL server is a hybrid of transparent and no cache-bypass directives within the configuration will...address specified within the services definitions. Again, this is offered by uniqueness in transparent mode. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide B-31 This simplifies ACL implementations, as well as no transparent mode, transparent ...
... address translation from traditional transparent proxy mode wherein the differentiation between offloaders and some models of load-balancing and content-switching gear. If a logical SSL server is a hybrid of transparent and no cache-bypass directives within the configuration will...address specified within the services definitions. Again, this is offered by uniqueness in transparent mode. 78-13124-06 Cisco 11000 Series Secure Content Accelerator Configuration Guide B-31 This simplifies ACL implementations, as well as no transparent mode, transparent ...
Configuration Guide
Page 418
... on the network (hardware). Ensure cables are secure. In either by pressing the reset switch or using the correct type of cable (straight-through to connect to take. Cisco 11000 Series Secure Content Accelerator Configuration Guide E-2 78-13124-06 The length should not exceed...you are using the reload command in the flash memory is compliant with the Secure Content Accelerator and recommended actions to a switch or hub; Troubleshooting the Hardware Appendix E Troubleshooting Troubleshooting the Hardware Table E-1 lists some problems that may occur with 100Base-TX ...
... on the network (hardware). Ensure cables are secure. In either by pressing the reset switch or using the correct type of cable (straight-through to connect to take. Cisco 11000 Series Secure Content Accelerator Configuration Guide E-2 78-13124-06 The length should not exceed...you are using the reload command in the flash memory is compliant with the Secure Content Accelerator and recommended actions to a switch or hub; Troubleshooting the Hardware Appendix E Troubleshooting Troubleshooting the Hardware Table E-1 lists some problems that may occur with 100Base-TX ...
Configuration Guide
Page 422
...? Are the console settings correct? RMA Unit: Faulty No serial connection Is 1- or 2-port mode correctly set terminal to next flowchart Appendix E Troubleshooting Cisco 11000 Series Secure Content Accelerator Configuration Guide E-6 78-13124-06 Troubleshooting the Hardware Figure E-1 Troubleshooting Flowchart 1 Does the unit power up? Connect both power... No responsive? No Configure network settings Yes Go to 9600 (or 115,200), 8,N,1 Yes Yes Yes Reboot the device using the power switches Is the console responsive? set ? Set intended No operation mode;
...? Are the console settings correct? RMA Unit: Faulty No serial connection Is 1- or 2-port mode correctly set terminal to next flowchart Appendix E Troubleshooting Cisco 11000 Series Secure Content Accelerator Configuration Guide E-6 78-13124-06 Troubleshooting the Hardware Figure E-1 Troubleshooting Flowchart 1 Does the unit power up? Connect both power... No responsive? No Configure network settings Yes Go to 9600 (or 115,200), 8,N,1 Yes Yes Yes Reboot the device using the power switches Is the console responsive? set ? Set intended No operation mode;