HTTPS Keepalive with the CSM & SSL Module

Similar Messages

• Load Balancing with a CSM & SSL Module

  I'm trying to understand the best way to balance traffic to two servers when decrypting and re-encrypting with the CSM and an SSL module. I take the SSL traffic hitting the first CSM VIP and forward to the SSL module for decryption. Send the decrypted traffic back to another VIP on the CSM. Send the traffic to the client proxy VIP on the SSL which encrypts the traffic and forwards to the CSM VIP. That final VIP passes the traffic to the serverfarm containing the actual servers. How do I make sure the traffic is balanced between the final VIP and my servers. It seems that sticking on SSL session ID is the only way to go at that point which made decryption pointless. I feel like I'm missing something basic here.
  Thanks..

  Hi David,
  Here find some full config example for your perusal for CSM and SSL Services Module Initial Configuration Example
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a0080216c16.shtml
  2nd config example to Configuring CSM to Load Balance SSL to a Farm of SCAs for One-Armed Proxy Mode
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00801aca55.shtml
  Sachin garg

• After Mavericks OS upgrade, can no longer make any HTTP requests with the OPTIONS verb

  My machine can no longer make any HTTP requests with the OPTIONS verb. This happens whether I try it curl, postman, or ajax.
  curl -i -X OPTIONS http://www.google.com returns curl: (52) Empty reply from server
  It should return a long string containing a 405 error code.
  I suspect that this is related to the Mavericks upgrade I did earlier this week. I only have one mac (my dev machine) with Mavericks. Other macs are Mountain Lion and they don't have this problem.
  Can anyone else with Mavericks confirm whether or not they have this problem too?
  If this is Mavericks related, anyone know of a fix or workaround?

  Turns out that it wasn't Mavericks related at all. Cisco AnyConnect has a security module running behind the scenes even when you're not VPNed into anything. It was blocking my OPTIONS verb requests. I was able to make these calls after uninstalling.
  Re-installing with Web Security turned off should prevent it from happening. While I was uninstalling I did notice that there was a web security uninstall script in /opt/cisco/vpn/bin but I already committed to taking the whole app off my machine. Simply running that script could have done it too.
  I must give credit to Ben Nadel. It was his blog post that helped me fix this issue.
  http://www.bennadel.com/blog/2559-Cisco-AnyConnect-VPN-Client-May-Block-CORS-AJA X-OPTIONS-Requests.htm?&_=0.10495476494543254#comments_44093

• Can i use Handle C with the LABVIEW FPGA module?

  Hi,
  Can i use Handle C with the LABVIEW FPGA module?  I am working with CompactRIO right now so, i want to know weather i can use Handle C with CompactRIO.Can i access FPGA in compactRIO independant of LABVIEW  means can i program it without using LABVIEW?
  regards,
  Vishnu.

  Hi Vishnu,
  Although we don't support Handel-C directly, it is possible to design your algorithms using 3rd party tools or system integrators and consume them from a top-level LabVIEW VI. The webcast at http://zone.ni.com/wv/app/doc/p/id/wv-268 shows an example of how you can use IP from C-based tools provided by Celoxica in the LabVIEW FPGA environment.

• HT1423 I am adding more memory, should I replace the top two slots with the 4g memory modules, then place 2g memory modules on bottom slots. Does it even matter?

  I am adding more memory, should I replace the top two slots with the 4g memory modules, then place 2g memory modules on bottom slots. Does it even matter?

  I am adding more memory, should I replace the top two slots with the 4g memory modules, then place 2g memory modules on bottom slots. Does it even matter?

• I am trying to get Adam 5000 TCP/IP with the 5018, 5056SO modules to talk throu TCP protocol

  Hi,
  I am trying to get Adam 5000 TCP/IP with the 5018, 5056SO modules to talk throu TCP protocol.  Please, is any body that has functional example or advice?
  Thank you
  Irik

  Hi Irik,
  I do not have any experience with these devices. Would it be possible to post their datasheets this will give me a better idea of their functionality. Thanks!
  Steven C

• HTTPS ans SSL with CSS (No SSL Module)

  Hi,
  My customers have two server and need to load balance.
  These servers initiate SSL.
  and VIP address is :
  https://erpappl.erp.mis.blabla.tgc:8005
  My CSS has no ssl module. An dconfiguration is:
  service venice
  ip address 10.200.104.32
  protocol tcp
  port 8005
  keepalive type tcp
  keepalive port 8005
  redundant-index 120
  active
  service calgary
  ip address 10.200.104.33
  protocol tcp
  port 8005
  keepalive type tcp
  keepalive port 8005
  redundant-index 121
  active
  owner ERPAPPL
  content erpapp_test
  add service venice
  add service calgary
  redundant-index 60
  vip address 10.200.104.28
  protocol tcp
  port 8005
  url "/*"
  arrowpoint-cookie expiration 00:00:03:00
  advanced-balance arrowpoint-cookie
  application ssl
  active
  After this configuration I cannot reach the URL shown above.
  Can you help me?

  if this is encrypted traffic [HTTPS] the CSS can't see the content of the packet.
  So the CSS can't see the url [-> so the command url "/*" is incorrtect and should be removed] and the CSS can't see cookies [so the arrowpoint-cookie command is wrong and should be removed].
  If we sell an SSL module, there is a reason :-)
  The only sticky option you can use are :
  - sticky based on srcip
  - sticky on sslid
  The first option [srcip] has a problem with mega proxy [many users being nated with the same ip] and the 2nd option has the problem that it only works with SSLV2 and that some browsers do not use the sslid.
  Gilles.

• How to use debug on CSM SSL module?

  I'm installing a new CSM with SSL module (WS-X6066-SLB-S-K9) and can't get the debugs to work. Acutally, I enabled debugging (to troubleshoot SSL Handshake problems) but nothing shows up on the screen or in the log. Any ideas?
  mcbconmrk105d1z2-ssl#show debugging
  STE Mgr:
  STE SSL Pkt debugging is on
  STE SSL Handshake events debugging is on
  STE SSL Alert events debugging is on
  STE SSL detailed debugging is on
  STE SSL error events debugging is on
  SSL Subsystem:
  SSL Handshake Message debugging is on
  SSL Traffic debugging is on
  SSL Error debugging is on
  SSL Event debugging is on
  mcbconmrk105d1z2-ssl#show log
  Syslog logging: enabled (0 messages dropped, 31 messages rate-limited, 0 flushes, 0 overruns, xml disabled)
  Console logging: level debugging, 254 messages logged, xml disabled
  Monitor logging: level debugging, 241 messages logged, xml disabled
  Logging to: vty4(0)
  Buffer logging: level debugging, 284 messages logged, xml disabled
  Logging Exception size (8192 bytes)
  Count and timestamp logging messages: disabled
  Trap logging: level informational, 324 message lines logged
  mcbconmrk105d1z2-ssl#
  Thanks in advance,
  Daniel

  the debug messages are displayed on a different console. The console is different depending on the type of debug.
  telnet 2001 ? FDU cpu
  telnet 2002 ? TCP cpu
  telnet 2003 ? SSL cpu
  Gilles.

• How to Filter Initial Client HTTP Headers on a CSS11506 SSL module

  Is there any way to filter the initial client headers on a css11506 ssl module ?? (software version 8.1)
  This is one of the default options on the "old" SCA11000 appliances.

  Douglas, with an SSL module, the CSS can decrypt HTTPS traffic and see the cleartext HTTP traffic.
  We can then apply any rules to the header.
  I think in this case, the question refered to some data injected in the http header by the CSS and filter what data from the client certificate should be dropped or inserted.
  We currently do not have this option on the CSS.
  Gilles.

• How do you configure multiple PXIe chassis to share Tclk synch with the 6672 timing module?

  Hi,
  I have two PXIe chassis, each with a number of digitizers (configured through NI-SCOPE). Each chassis has a PXIe 6672 timing module. I have downloaded the sample VI from:
  http://zone.ni.com/devzone/cda/epd/p/id/5254
  which deals with PXI chassis. My question is this: in the VIs at the above link (and in fact all VIs I've seen for using the 6672 for sharing triggers), the VI needs access to the resource identifiers for both Master and Slave timing modules, how do I access the (remote) slave resource identifier from the master chassis? I feel like I'm missing something obvious, but can I do this using just an ethernet connection, or do I need another module to enable the master chassis to view the devices on the slave chassis in MAX? 
  Thanks for any help you can provide,
  Cillian

  Those example VIs are written to be used when a single host PC is controlling multiple chassis so there is just one computer running the program.  Since both of your chassis have their own controllers it will be necessary to run a program on each (one as master, the other as slave).  You can modify the code from that example to create and Master and Slave VIs.  For the Master you will call the VIs as specified in case 0 of the example; for the Slave you will call the VIs as specified in the default, 1 case of the example.
  You will also want to send a signal from the Master to the Slave to let the Slave know that the clock is being generated.  You could use TCP/IP or a PFI line to do this.  The basic order of events should be as follows:
  1. VI runs on Slave to configure it to accept a clock.
  2. VI runs on Master to begin outputing the clock.
  3. Master sends a signal to Slave to let it know that the clock is being generated.
  4. Continue with the rest of your program.
  Let me know if you have any questions about this.
  Barron
  Applications Engineering
  National Instruments

• How many channels can I write in a same file with the Write Data Module (Dasylab 12.00.00) ?

  I would like to write data from a large number of channel (up to 128) in a same file. Using the write data module, I have up to 16 channels only ! The only solution I found is to save data in 8 different files... Is there any solution to solve this problem ? I use DASYLAB V.12.00.00. Thank you
  Solved!
  Go to Solution.

  Please see this knowledge base article describing how to do it.
  http://kb.mccdaq.com/KnowledgebaseArticle50372.aspx?Keywords=multiplex
  - cj
  Measurement Computing (MCC) has free technical support. Visit www.mccdaq.com and click on the "Support" tab for all support options, including DASYLab.

• Issue with the RFC function module - parameters

  Hi,
      When i am creating RFC enabled function module, it was throwing an error like <b>'Reference parameters are not allowed with RFC'.</b>. I am implementing the test scenario to create BAPI, for that i have created table with 2 fields. My main intension is through RFC enabled function module planning to update the ztable.
     When i was creating RFC enabled function module, it was giving error. I remembered that  i need to use new structure when i create RFC enabled function module, so even i created structure also with the same fields of table fields.
     can you please let me know the solution for this.
  Thanks
  jaya

  Hi Ferry,
      Your solution is perfect. can you please explain the below information...
  Call by value                                                                               
  You pass the parameter with values. This means that the parameter     
       contents are copied both when the parameter is passed and when it is  
       transferred back to the calling parameter. For structures that contain
       tables, performance may be reduced considerably. Therefore, you should
       not do this.                                                                               
  I created the parameters with reference to table-fields, what do you mean by 'Call by value'check box usage there.
  Is it mean ...if i change the contents of the field in FM will it pass back to the structure which i refered to this parameter, in this case its table-field.
  Thanks
  jaya

• Plz help me with the compaitble ram module

  hey
  i have a problem getting the RIGHT ram module. i got a MacBook Pro 15.4-inch 2.16GHz Core 2
  Duo (MA609LL/A)
  i wanna 2g ram. the one i bought (2GB SODIMM LOW DDR2 PC5300 667MHZ)worked for 40 days and then died. so i dunno what it is id need to buy.
  here's what the vendor had to say in reponse,
  +At first glance , I thought that memory was just bad and regular exchange+
  +would work . But after reading one post online, I contacted manufacturer+
  support.
  +This is unique scenario for you. You do need LOW density memory module for+
  +Apple MacBook Pro 2.16GHz Intel Core 2 Duo (15.4-inch) Laptop, but your System+
  +manufacturer is picky. What they need is not same spec as we have advertised.+
  +Their requirement is slightly different and there is cost difference.+
  +These are two Options for you+
  +Option 1 : Refund
  +Option 2 : Upgrade+
  +Option 2A : Memory upgrade from OEM manufacture. We have purchased from them+
  +and they are reliable. Price difference is low and it is what you need without+
  +spending bunch with major manufacturer. Cost difference is $ 17.50+
  +Option 2B : Memory upgrade from Major manufacturer as specifically recommended+
  +by Manufacturer.. Price difference is high but then you know it is what you+
  +have been asked by manufacturer to have . Cost difference is $ 18.50+
  +Thank you+

  Crucial is 1000x better and more reliable than some random seller on Ebay. I wouldn't buy RAM from Ebay, especially when you can get the same thing for $1.00 more from a much more reputable seller.
  If you have 1GB of RAM now, an upgrade to 2GB will make a big difference. I've enclosed links below to single 2GB chips that will be compatible with your MBP from both Crucial and OWC.
  CRUCIAL
  OWC
  You can decide which you like better, they are both $48.99 I believe.
  same thing to me, except for the brand name, i guess.
  The brand name is relatively important with RAM. Macs are selective about good quality RAM; dodgy RAM from just any random seller on Ebay may not work, as you found out. With either of these resellers, you also get a lifetime warranty. Anyone on these forums will tell you that they will stand firmly behind their product if it ever fails. Ever. You can't get any better than that.
  doesn't apple make one one of these? an apple brand?
  No. Apple uses third-party RAM in all of its machines. Apple does not make its own brand of RAM.
  --Travis

• Labview 2010 Student Edition, will it work with the Labview FPGA module and Xilinx Spartan 3E??

  Just as the title states.
  I did a search here on compatibility, but I am coming up short with not much to show for it.
  I have Labview 2010 student edition, 32bit and 64 bit. I am trying to do a Senior Design project for my undergrad, and I am having some issues.
  I was able to download the Support for the Xilinx Spartan 3E and Labview FPGA.
  I install it, it runs through the unzipping process, installs, and then mysteriously I cannot find it. I have looked through my programs list and it is not listed. I open both editions of LabView and I find ABSOLUTELY NOTHING indicating that either one has ANYTHING to do with FPGA.
  Did I install it wrong? Or is it just not supported in the studend version of Labview???
  Can someone help me, please?

  M Boat wrote:
  What about the trial version? Any chance of it being on there?
  I think everything is available for download, and without activation it will be in trial mode and you have about a month (?) before the trial expires.
  A trial version of the FPGA module is available for download here. I have no idea if it would work with the student version.
  I would recommend to talk to your local NI sales representative for advice. Good luck.
  LabVIEW Champion . Do more with less code and in less time .

• Trouble with the Blurb Book Module in Lightroom

  I have successfully created & finished one book in the Lightroom Book Module using Blurb without any issues. I started a second one but now I'm having problems. I have a saved book started that I'm about 10 pages in on. But now I can't figure out what's going wrong. 
  I have organized all the photos I want to use in the book into subdivided Collections. But now all the sudden - every time I click on one of the collections it goes off my Saved Book and just resets to a blank Unsaved Book. How can I add photos from my Collections to my Saved Book?
  Thanks!

  OK yes thank you. But that puts my 1200 photos that I've painstakingly organized into 25 different folders into one big jumble of a "folder."
  Is there any way to keep my photos organized and still put them in this one book?  I started the book out this way but something changed and it's no longer working to work that way.