Config transparent Proxy with LDAP authen with L4 switch?

How to configure policy-based routing on an L4 switch if the WSA runs in transparent mode with LDAP authentication?
Async OS: 5.1.0-420
Thank you,
Thanapol

Ezekiel,
I wanted to add some clarification to your comments:
1) Network TAP connected to T1/T2.
This will work well. You will need to tap one direction of traffic to the T1 port and the other direction into the T2 interface.
2) L4 switch connected to P1.
This will NOT work. Further explanation below. What you can do is use a switch that supports port spanning / port mirroring. You'll need to send a COPY of all traffic going to the gateway to the T1 interface.
The L4TM will need to be in 'duplex' mode - Configurable in the GUI.
3) WCCP v2 connected to P1.
WCCP cannot be used at all with the L4TM, because WCCP doesn't 'copy' the traffic, it redirects it.
L4TM information
The L4TM can be thought of as a completely separate appliance that operates primarily via the T1 / T2 interfaces.
The L4TM is a sniffer application, meaning that you cannot redirect traffic to it (such as L4 switching PBR or WCCP), but you can send a copy of traffic to it (port mirroring or physical tap).
If you are blocking with the L4TM, the WSA will use M1/P1 to send the TCP RST packets. This is the ONLY use for the M1/P1 interfaces that the L4TM will use.
The P1 interface is intended to be used for Web proxy traffic and the L4TM does not listen on this interface.

Similar Messages

  • Error in authentication with ldap server with certificate

    Hi,
    I have a problem with authentication against an LDAP server with a certificate.
    Here I am using the Java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued a new certificate which is valid for up to 5 years.
    Will Java authenticate up to one year only?
    Can anybody help with this issue?
    Regards
    Ranga

    Sorry, I am getting the same error:
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    Here, when I use the old certificate and change the system date, I can authenticate.
    Can you tell me where we should concentrate to solve the issue?
    Where is the issue:
    1. need to check with the ldap server only
    2. problem in java code only.
    thanks in advance

  • LDAP authentication with authorization roles

    I currently have LDAP functioning and working correctly on my application (APEX 4.0). Our system is limited to a certain number of users within the AD group that can access the system. I have created an authorization scheme that looks at a database table to determine if the user has access to the system. If I put this authorization scheme on the login process of the login page it works successfully; however, the failure error message does not show up if the user does not have access. If I put this authorization scheme on the page that you are redirected to after login I get the message. However, what I would like to do is have this authorization failure message appear as a pop up message on the login screen once the login button is pressed. Is this possible?
    Thank You!

    However, what I would like to do is have this authorization failure message appear as a pop up
    message on the login screen once the login button is pressed. Is this possible?

    Create a 'Page processing' process that runs after the login completes. Apply the authorization function to it. If it fails the authorization, this should abort the login and display an error on the login page. Theoretically... not something I've needed to do.

  • Transparent proxy with ACE+CE (Client-ip spoof) slow response.

    I have configured a transparent proxy with ACE and CE510+Bluecoat. I have also enabled client-IP spoofing. I use PBR to redirect web page requests from the client to the ACE, and I also use PBR for return traffic from any web servers to the ACE (to make a complete flow for client-IP spoofing). Everything is fine, but I have a small issue: when I try to browse to a new website and the ACE loads my request to the CE510, the page seems to take a long time to respond. I monitored the ACE, and it shows the connection as "ESTABLISH". Once the first page on the new website responds, browsing other pages on that website is normal. This happens every time I test. I have already sent the configuration of the ACE and CE. Could anyone please check whether what I have configured is correct? Thank you very much.

    Following link may help you
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00806b728a.html

  • LDAP Integration with Oracle BPM 10.3.0.0.0

    Hi,
    I want to know about integrating LDAP connectivity with Oracle BPM Suite.
    We don't have any knowledge of the integration between Oracle BPM Suite and LDAP.
    Please do the needful on the same as soon as possible.
    With Best Regards,
    Ratna Prasad.

    I configured LDAP directory, and I was able to see the participants. However the group information is not retrieved properly. Here is the error
    (cont) ] Main: Invalid characters found for attribute [OU name].
    [     (cont)     ] Main: Detail:Attribute [OU name] cannot be assigned the following value: [Dev/Test].
    [     (cont)     ] Main: The invalid character is: [].
    [     (cont)     ] Main:
    [     (cont)     ] Main: fuego.directory.exception.InvalidAttributeValueException: Invalid characters found for attribute [OU name].
    [     (cont)     ] Main: Detail:Attribute [OU name] cannot be assigned the following value: [Dev/Test].
    [     (cont)     ] Main: The invalid character is: [].
    [     (cont)     ] Main:
    Any ideas on what can be the possible solution?
    Thanks

  • System-wide Transparent Proxy With URL Patterns

    Internet censorship -where I live- has almost turned web unusable so  I decided to setup a transparent proxy using Tor for my home network.
    Since Tor is so slow -here- proxying all traffic through Tor would slow my connection to a crawl.  Therefore I need a mechanism to selectively proxy the traffic.
    I know a bit of 'iptables' and it looks to me like the solution to my problem.  However there's a trick.  As most of the websites I need to access through Tor (like Google+, Facebook and such) use several IP addresses for their entry points, it's almost impossible for me to add 'iptables' rules for all of those IP addresses.  I need a mechanism to proxy the traffic based on URL patterns.  For example I need to be able to proxy access to '*.facebook.com' through Tor.
    So the question boils down to:  how can I setup a system-wide transparent proxy using URL patterns?
    Any idea/hint is much appreciated.  TIA,
    Bahman
    Last edited by bahman (2012-01-04 07:48:44)

    Use privoxy with socks5 forwarding:
    http://www.privoxy.org/user-manual/config.html#SOCKS
    http://www.privoxy.org/user-manual/acti … F-PATTERNS

  • IPhoto '08 Book upload errors with squid transparent proxy - tip

    Hi folks
    I've just "solved" a problem I was having with iPhoto Book uploads. The solution may apply to other publishing products from iPhoto and possibly iDisk uploads too.
    My firewall & proxy setup is basically Linux iptables redirecting all outbound http (port 80) connections to a dansguardian filter, which in turn is passed onto a squid instance running as a transparent proxy (oh, and there's a privoxy in this all too!). Yeah, OK, I know, slightly paranoid, but I don't want my children accidentally browsing stuff I don't think they are old enough for yet!
    Now I had the problem before with iPhoto '06 as well, but at the time just didn't have the time or inclination to figure out what the problem was, and just did the book order and upload from the office, where it went through without a problem. This time I decided to dig a bit and see what was happening. The clue that triggered off the solution was watching the part of the order process where the book data is uploaded. In my default setup, the upload bar would scream through to 100%, and then sit there for ages, before coming back with a connection error. Watching the network flashy lights on the NIC on the firewall though, it suddenly dawned on me that what was happening was that the upload was screaming through to the squid (as there was no outbound network activity from the firewall while this was happening) and then sitting there waiting for squid to pass it on to the Apple site (as shown by the outbound NIC activity light suddenly going bonkers once the upload bar hit 100%).
    So clearly there's a problem sending book orders via a squid proxy setup as a transparent proxy. It might also very well be dansguardian interfering and wanting to take the entire upload and checking it before passing it on to squid. I already have site exception setup for all apple.com urls though in dansguardian, so didn't think it would be that. I thought about dicking around with the squid acl's but didn't have the enthusiasm to spend half the day getting that working.
    So what I did in the end was tail the squid logs to see what was being proxied whilst the book order was going on, and then dropped in 3 new rules in my iptables setup just before the redirect rule. Tried ordering the book again, and voila!
    The three rules I inserted were:
    $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp -d mercury.apple.com -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp -d configuration.apple.com -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp -d publish.mac.com -j ACCEPT
    The "-s ! 10.1.1.1" bit is obviously particular to my setup, as I wouldn't want connections from the router itself being proxied, so that may need to either be customised or left out altogether. These three rules are then immediately followed by the redirect:
    $IPTABLES -t nat -A PREROUTING -s ! 10.1.1.1 -p tcp --dport 80 -j REDIRECT --to-port 8081
    Hope that is of some help to someone out there!
    K


  • Proxy Setup LMS3.2 with Proxyless/transparent doesn't work

    Hello,
    For the CCO connection we need a proxyless connection (transparent proxy without the need for Proxy-IP/Port/User; the working IE settings are for direct Internet connections), but LMS3.2 isn't able to provide this:
    1. Proxy Server Setup doesn't accept "No Proxy" or empty Proxy fields
    2. SW Center Please => SW-Update brings after entering my CCO-Account:
    ERROR: Unable to connect to Cisco.com. Please check D:/PROGRA~2/CSCOpx/log/psu.log file for details. Download operation cannot proceed.
    => check psu.log:
    [ Mon Jan 25 17:48:30 CET 2010 ] INFO   [SecurityHandler : getCSProxyHost]  : No proxy Host configured
    [ Mon Jan 25 17:48:30 CET 2010 ] INFO   [SecurityHandler : getCSProxyPort]  : No proxy port confgured
    [ Mon Jan 25 17:48:35 CET 2010 ] INFO   [SecurityHandler : getCSProxyHost]  : No proxy Host configured
    Is there any workaround to use a proxyless connection for CCO access from LMS?
    Steffen

    If the proxying is transparent to the client, then there is nothing you need to do in LMS.  The "No proxy" messages in the psu.log are informational.  Technically, you do not have a proxy, and that is fine.  If the transparent proxy is configured to intercept HTTP traffic, then things should just work.  LMS should be able to connect to Cisco.com just fine without proxy settings.  If you need to see why this isn't working, start a sniffer trace filtering on tcp/80 traffic to www.cisco.com.  Run the software update job, and the capture should show the problem.

  • How to config the proxy of Bpel process manager(with password)

    Hi, I met the question below.
    The Oracle BPEL Process Designer & Manager server is installed on my computer in my company's domain, so if one of the BPEL processes deployed on the BPEL server needs to access a synchronous Web service hosted outside the firewall, I need to configure the proxy, but my company's proxy needs my ID and password for outside access. After I configure the proxy option of the designer and build the process, a dialog box pops up and asks for my ID & password. But how do I configure the proxy of the BPEL Process Manager? I read the technote about HTTP Proxy Configuration and configured the proxy in obsetenv.bat, but it seems to have no information about my ID & password in obsetenv.bat.
    The question is: how can I let the BPEL Process Manager know my proxy and ID & password? Please help me, thanks!

    I have set these value in obsetenv.bat as follows, and I restart the Bpel manager server and designer.
    but the same issue still occur:
    set OB_JAVA_PROPERTIES="-Djavax.wsdl.factory.WSDLFactory=oracle.j2ee.ws.wsdl.factory.WSDLFactoryImpl" "-Dhttp.proxySet=true" "-Dhttp.proxyHost=pxysha" "-Dhttp.proxyPort=8080" "-Dhttp.proxyUser=oocldm\hanfi" "-Dhttp.proxyPassword=123456" "-Dhttp.nonProxyHosts=localhost".
    At the same time, I have set proxy server in bpel designer of eclipse, after I build the process,it can works well(which display BUILD SUCCESSFUL), but the bpel server display error message as below :
    Exception Name:
    Failed to read wsdl
    Exception Description:
    Error happened when reading wsdl at "C:\orabpel\domains\default\tmp\.bpel_TerraFlow_1.0.jar\TerraServiceRef.wsdl", because "WSDLException: faultCode=PARSER_ERROR: Error reading file: Server returned HTTP response code: 407 for URL: http://terraserver.microsoft.com/TerraService.asmx?WSDL".
    What happened?

  • How to configure ldap.ora with multiple ldap contexts

    Hello.
    My company has recently taken on another environment with its own LDAP configuration. It's a bit tedious to have to keep switching my ldap.ora for both LDAP configurations. Are there any good suggestions for either allowing me to search both LDAP configurations (2 separate LDAP setups, with 2 default contexts)? Or is there a smooth way to populate 1 LDAP with the other's data? Or perhaps some form of redirect on one LDAP to the other LDAP server for queries?
    Some basic info: LDAP is Oracle OID version 10gR2
    Please let me know if you have any useful ideas...

    Hi,
    Here is the list of OVD benefits:
    1. Easy to set up and manage via our Management client
    2. Unifies multiple directories into a single access point
    3. Normalize and Unify multiple directories
    4. Directly accesses remote repositories
    5. Allows a unified view of an entry using data from multiple repositories
    6. Can act as an LDAP proxy and firewall
    Why can't you use OVD to improve these? Read, LDAP to the other LDAP server for queries, allowing you to search both LDAP?
    I hope this helps.
    Thiago L Guimaraes

  • Role creation in OIM 11.1.1.5.0 fails with LDAP Sync Enabled

    I am in the process of configuring LDAP sync for OIM 11.1.1.5.0 with ODSEE.
    At this time, when I add a user in OIM, I can see that the user gets created in LDAP under the LDAP dn that I supplied when configuring OIM (Configuration process screen name = "LDAP Server Continued", field name = "LDAP User Container")
    However when I try to add a role in OIM, the call fails. OIM server logs have the following exception message:
    <Jul 14, 2011 1:21:52 PM EDT> <Warning> <oracle.iam.callbacks.common> <IAM-2030146> <[CALLBACKMSG] Are applicable policies present for this async eventhandler ? : false>
    <Jul 14, 2011 1:21:53 PM EDT> <Error> <oracle.iam.platform.entitymgr.provider.ldap> <IAM-0042002> <An error occurred while creating the entity in LDAP, and the corresponding error is - {0}
    javax.naming.NameNotFoundException: Error: NO_SUCH_OBJECT
    null [Root exception is oracle.ods.virtualization.service.VirtualizationException]
    at oracle.ods.virtualization.jndi.OVDUtil.mapErrorCode(OVDUtil.java:151)
    at oracle.ods.virtualization.jndi.OVDContext.createSubcontext(OVDContext.java:512)
    at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:183)
    at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1045)
    at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:487)
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:291)
    at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:239)
    at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.create(RoleCreateLDAPHandler.java:128)
    at oracle.iam.ldapsync.impl.eventhandlers.role.RoleCreateLDAPHandler.execute(RoleCreateLDAPHandler.java:46)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
    at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
    at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
    at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
    at oracle.iam.identity.rolemgmt.impl.RoleManagerImpl.create(RoleManagerImpl.java:188)
    at oracle.iam.identity.rolemgmt.api.RoleManagerEJB.createx(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
    at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
    Any idea what's going on?
    When configuring OIM, I provided a value for the "LDAP Role Container" as "ou=Groups,dc=mycompany,dc=com". The docs show an example of "cn=groups, dc=mycountry, dc=com" (see http://download.oracle.com/docs/cd/E21764_01/install.1111/e12002/oidonly.htm#CDDDIAIC, step 18). Could this difference in container type be causing this problem?
    Any idea where OIM stores this container information if I wanted to test ldap sync with the different roles container?
    Thanks
    Aspi Engineer
    Putnam Investments

    Aspi,
    OIM keeps its ldap config under "$IDM_HOME/server/ldap_config_util" as "ldapconfig.props"
    Thanks,
    Sandeep Gupta

  • LDAP setup with SSL - Can't use tls auth type

    I'm trying to configure Solaris 10 to use ldap against my OpenLDAP server with SSL but whenever I try to set the authentication as tls:simple, it gives me an error :
    # ldapclient mod -a authenticationMethod=tls:simple
    Cannot specify LDAP port with tls
    # ldapclient mod -a authenticationMethod=tls
    Unable to set value: invalid authenticationMethod (tls)
    Any ideas how to get this to work - I can do an ldapsearch if I supply a -H ldaps://ldapserver:636 so my certs in /var/ldap are good.
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= cn=srv_login,ou=LDAPusers,dc=unix_srv,dc=energy.ge.com
    NS_LDAP_BINDPASSWD= {NS1}c53708877bc6
    NS_LDAP_SERVERS= 10.10.1.14:636
    NS_LDAP_SEARCH_BASEDN= dc=unix_srv,dc=energy.ge.com
    NS_LDAP_SEARCH_REF= FALSE
    NS_LDAP_SERVER_PREF= 10.10.1.14:636
    NS_LDAP_CACHETTL= 0
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=unix_srv,dc=energy.ge.com?sub
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=unix_srv,dc=energy.ge.com?sub
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Group,dc=unix_srv,dc=energy.ge.com?one
    Thanks,
    Jay

    When using TLS you have to specify the FQN for the LDAP server and the port is ALWAYS 636.
    Also, you need to set up your client to use FQN as well (/etc/hosts).

  • Setting up LDAP realm with WLI 7

    Any pointer to Step by step instruction on to how to set up LDAP realm for Access Control with Weblogic integration 7

    Pramit Basu <[email protected]> wrote:
    Any pointer to Step by step instruction on to how to set up LDAP realm
    for Access Control with Weblogic integration 7

    In order to use LDAP realm with WLI 7.0, you need to do the following steps:
    1) In WebLogic server level, you need to create a Caching Realm and a LDAP realm.
    First, please backup your original config.xml file. Then, you can start configure
    the realms. You can do this by modifying the config.xml file, or through WLS console.
    After you have done this, your config.xml file should contain the following:
    <LDAPRealm AuthProtocol="none"
    Credential="{3DES}rYiW/DkUxq4UPwR0XLbM9w=="
    GroupDN="o=beasys.com,ou=Groups" GroupIsContext="false"
    GroupNameAttribute="cn" GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://jpengdesk:389"
    Name="LDAPRealmForNetscapeDirectoryServer" Principal="cn=admin"
    UserAuthentication="bind" UserDN="o=beasys.com,ou=People"
    UserNameAttribute="uid" UserPasswordAttribute="userpassword"/>
    --- You can also do this in Console. Please make sure the "UserDN" and "GroupDN"
    values are correct according to the groups and users stored on your LDAP server.
    In my example here, "beasys.com" is my root entry, and I have all the users created
    underneath of OU "People", and I have all the groups created in OU "Groups".
    <CachingRealm BasicRealm="LDAPRealmForNetscapeDirectoryServer" Name="MyCaching Realm"/>
    --- You can do this in console by clicking on "Caching Realms", then click on
    the link of "Configure a new Caching Realm". Name it as "MyCaching Realm", and
    select "LDAPRealmForNetscapeDirectoryServer" as the BasicRealm.
    <Realm CachingRealm="MyCaching Realm" FileRealm="myFileRealm" Name="myRealm"/>
    --- You can do this in console by clicking on "Compatibility Security", then click
    on the "Filerealm" tab, then, in the "Caching Realm" field, select "MyCaching Realm"
    from the pull down combo box.
    Please make sure all the names are related. See above example, the value in blue
    color should match, and the value in red color should match too.
    Please see the attached config.xml file for reference.
    2) Create the users in LDAP server. In my example, I simply created 3 users underneath
    of OU "People", they are:
    weblogic
    wlisystem
    admin
    "weblogic" is the user I used as my system administrator user, which
    I used to boot my WLS server and access my WLS console.
    "wlisystem" and "admin" are the users created for WLI
    component.
    3) Create 11 groups in LDAP server. In my example, as I mentioned above, I create
    all these groups underneath of OU "Groups". These groups are:
    ConfigureComponents
    Administrators
    wlpiUsers
    MonitorInstance
    ExecuteTemplate
    CreateTemplate
    UpdateTemplate
    DeleteTemplate
    AdminsterUser
    ConfigureSystem
    wlpiAdministrators
    Also, add the users created in step 2 into all of these groups.
    4) Clean up the fileRealm.properties file.
    Back up your original fileRealm.properties file. Then, remove all the entries starting
    with "user.xxx" and "group.xxx", only leave those entries
    starting with "acl.xxx".
    Please see the attached "fileRealm.properties" file for reference.
    5) Restart your WLI server. Verify the users and groups you defined in LDAP server
    are displayed in WLS console correctly. You can see the user and group information
    in "Compatibility Security" -> "Users", and "Compatibility
    Security" -> "Groups" respectively.
    6) Start your studio to design a simple Workflow. When you login, the authentication
    of your username and password is against the LDAP server, since you don't
    have any user entries in your file realm any more.
    7) Start your Worklist to execute the workflow. Also, when you login, the authentication
    of your username and password is against the LDAP server, since you don't
    have any user entries in your file realm any more.
    Once you execute the workflow, you can verify that workflow instance in Studio.
    You can monitor the instance, and delete the instance.

  • Policy Studio to LDAP Repository with WSS Password Digest for Authn

    Hi,
    We are trying to connect to an external LDAP user repository from OEG for authentication. This is configured via Policy Studio.
    Our services are secured with WSS UsernameToken with password digest.
    However, the list of available Repository is only limited to Local Repositories. I can't see the LDAP repository that I've added. But when I select clear password, then I can see all repositories including the LDAP repository. Is digest password not supported?
    Hope someone could help!
    Thanks!

    Thanks Patrick! That thread helped. I got the proxy service to use the customized WS-Policy.
    Do you know of any tool to create the password digest given a plain text password? Also, is there any particular algorithm that weblogic uses to store the digest in the authenticator? I am currently using soapUI to act as a client for unit testing purposes. I tried supplying the WSS header with the inbuilt feature of 'Add WSS Username Token' in soapUI. It adds the username, password digest, nonce and created date. However, I get the 'Failed to assert identity with UsernameToken' exception in the log. The request never gets through.
    Edited by: SOAer on Apr 8, 2011 9:07 AM
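
Added example (not part of the original posts, and not Oracle's or soapUI's code): the WS-Security UsernameToken Profile defines the password digest as Base64(SHA-1(nonce + created + password)), and this Python sketch computes it on the client side and checks it on the server side with freshness and replay checks. The user name, passwords, `DigestVerifier` class and the two sample stores are constructed for illustration; the second store shows that a verifier holding only a password hash cannot recompute the digest. Whether that is the reason Policy Studio hides the LDAP repository is not stated on the page.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # wsu:Created as a UTC xsd:dateTime


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)); nonce is the raw decoded bytes."""
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(h.digest()).decode("ascii")


def build_token(username: str, password: str) -> dict:
    """Client side: the four values a UsernameToken with PasswordDigest carries."""
    nonce = os.urandom(16)
    created = datetime.now(timezone.utc).strftime(TS_FORMAT)
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "Password": password_digest(nonce, created, password),
    }


class DigestVerifier:
    """Hypothetical server-side check: freshness, replay cache, digest comparison."""

    def __init__(self, lookup_secret, max_age_seconds=300):
        self.lookup_secret = lookup_secret  # username -> stored secret, or None
        self.max_age = max_age_seconds
        self.seen_nonces = set()            # in-memory replay cache (illustration only)

    def verify(self, token: dict, now=None) -> bool:
        now = now or datetime.now(timezone.utc)
        try:
            created = datetime.strptime(token["Created"], TS_FORMAT)
            created = created.replace(tzinfo=timezone.utc)
            nonce = base64.b64decode(token["Nonce"], validate=True)
            claimed = token["Password"].encode("utf-8")
            username = token["Username"]
        except (KeyError, ValueError):
            return False                    # malformed token
        if abs((now - created).total_seconds()) > self.max_age:
            return False                    # stale or future-dated token
        if token["Nonce"] in self.seen_nonces:
            return False                    # replayed token
        secret = self.lookup_secret(username)
        if secret is None:
            return False                    # unknown user
        # The server must feed the same clear-text password into the hash.
        expected = password_digest(nonce, token["Created"], secret).encode("utf-8")
        if not hmac.compare_digest(expected, claimed):
            return False
        self.seen_nonces.add(token["Nonce"])
        return True


# Constructed sample stores: one keeps the clear-text password, one only a hash.
CLEAR_STORE = {"alice": "s3cret-constructed"}
HASHED_STORE = {
    "alice": "{SHA}" + base64.b64encode(
        hashlib.sha1(b"s3cret-constructed").digest()).decode("ascii")
}

if __name__ == "__main__":
    token = build_token("alice", "s3cret-constructed")
    print("token:", token)
    print("clear-text store :", DigestVerifier(CLEAR_STORE.get).verify(token))
    print("hash-only store  :", DigestVerifier(HASHED_STORE.get).verify(token))
```
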

  • How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?

    hi.
    I found How to Configure Transparent caching on Cat 6500 with CSM in routed mode.
    But,
    I need help How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?
    Please let me know sample configuration.
    thanks.

    Hi,
    I wrote the document you mentioned and I also wrote the one below.
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
    The one with the SSLM is a bridge mode config.
    If you replace the SSLM with a cache [or a farm of caches] it would be a similar config.
    Replace the SSL21 vserver with an HTTP vserver [most important is to keep the vlan configured on each vserver]
    Regards,
    Gilles.
