Foundry ServerIron 4G-SSL config

!Using 8832 out of 393214 bytes

!

! Firmware release the rest of this file was written against. Several of
! the hardening options noted below (per-suite cipher lists, SSLv3 disable,
! management access-groups) are release dependent - verify each against
! the 10.1.00 CLI reference before applying.
ver 10.1.00TI2
!
!
!
! Ports 3-4 are trunked to carry VLAN 100 (HOT-SYNC) to the standby unit
! declared under "server backup" below. NOTE(review): nothing in this
! config authenticates or encrypts that sync traffic, so treat the trunk
! as a dedicated point-to-point link, not a shared segment.
trunk switch ethe 3 to 4

!

!

!

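! Removed: "ssl profile workplace-ssh" (keypair-file workplace-key,
! certificate-file workplacechain, all-cipher-suites, disable-ssl-v2,
! session-cache off). No "ssl-terminate workplace-ssh" exists on any
! virtual server in this config, so the profile only kept an unused private
! key referenced on the appliance. The key and certificate files it pointed
! at stay in flash until they are deleted separately.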

! TLS termination profile used by virtual server webtest1 (port ssl).
ssl profile corp1-ssl
 keypair-file corp1-key
 certificate-file corp1chain
! NOTE(review): "all-cipher-suites" admits every suite the firmware ships
! with, which on a release of this age typically includes export-grade,
! single-DES and RC4 suites. Prefer an explicit list of the strongest
! suites this release offers (see the 10.1.00 cipher-suite options).
 cipher-suite all-cipher-suites
! SSLv2 is refused. SSLv3 remains negotiable as written; check whether this
! release has a matching knob for SSLv3 and use it if so.
 disable-ssl-v2
! Every connection performs a full handshake. This is a CPU/latency
! trade-off, not a security control.
 session-cache off

! TLS termination profile used by virtual server groupware (port ssl).
ssl profile groupware
 keypair-file groupware-key
 certificate-file groupwarechain
! NOTE(review): same caveat as the other profiles - "all-cipher-suites"
! enables whatever weak suites the firmware carries (typically export,
! single-DES, RC4). Replace with an explicit strong-suite list supported by
! this release.
 cipher-suite all-cipher-suites
! SSLv2 off; SSLv3 still allowed as written.
 disable-ssl-v2
! Full handshake on every connection (performance choice only).
 session-cache off

!

! Hot-standby pairing: the peer unit (MAC 0012.f27c.5400) is reached over
! VLAN 100 on ethe 3. NOTE(review): no authentication or encryption option
! is visible on this relationship; keep the sync VLAN physically isolated.
server backup ethe 3 0012.f27c.5400 vlan-id 100
! As the name suggests, failover does not wait for existing sessions to
! drain on the unit giving up the active role.
server no-graceful-shutdown

!

!

! Application ports the load balancer is allowed to bind and health-check.
! Ports 8080-8094 are the per-application backend listeners on the real
! servers; 81/82 serve the Host-header-routed HTTPS traffic.
server port 80
 tcp
! NOTE(review): "udp" is declared for port 80 but no bind or health check
! in this config uses udp/80; drop it unless something outside this
! listing depends on it.
 udp
server port 8080
 tcp
server port 8081
 tcp
server port 8083
 tcp
server port 8084
 tcp
server port 8085
 tcp
server port 8087
 tcp
server port 8089
 tcp
server port 8090
 tcp
server port 8086
 tcp
server port 8082
 tcp
server port 8088
 tcp
server port 8092
 tcp
server port 8093
 tcp
server port 8094
 tcp
! Ports 81 and 82 carry no URL health check of their own; their state
! follows the real server's master (http) port.
server port 81
 tcp
 tcp keepalive use-master-state
server port 82
 tcp
 tcp keepalive use-master-state

! Source-NAT pool toward the real servers. .62 is used for plain flows,
! .63/.64 for SSL-terminated flows. Backend access logs will show these
! addresses as the client unless an X-Forwarded-For header is inserted on
! the corresponding virtual-server port.
server source-nat-ip 192.168.5.62 255.255.255.0 192.168.5.1 port-range 2
server source-nat-ip 192.168.5.63 255.255.255.0 192.168.5.1 port-range 2 for-ssl
server source-nat-ip 192.168.5.64 255.255.255.0 192.168.5.1 port-range 2 for-ssl

!

!

!

! Content-switching match rules. "url prefix" rules are matched against the
! request URL, "header Host" rules against the Host header. The rule names
! are referenced by csw-policy "app-forward" and "redirect" below.
! NOTE(review): "html" is the only prefix without a leading slash; a request
! path always starts with "/", so verify this rule can match at all. It is
! used by the "redirect" policy to pin traffic to server-id 1218.
csw-rule "r1" url prefix "html"
csw-rule "r15" url prefix "/sales"
! r17 has a redirect entry but no "app-forward" entry (see those policies).
csw-rule "r17" url prefix "/PVWeb"
csw-rule "r2" header "Host" pattern "webtest.corp1.com"
csw-rule "r21" url prefix "/finance"
csw-rule "r25" url prefix "/edocs"
csw-rule "r3" header "Host" pattern "webtest.corp1groupware.com"
csw-rule "r30" url prefix "/acctg"
csw-rule "r35" url prefix "/eforms"
csw-rule "r45" url prefix "/custdb"
csw-rule "r50" url prefix "/estatement"
csw-rule "r55" url prefix "/ecosts"
csw-rule "r60" url prefix "/ereports"
csw-rule "r65" url prefix "/ebenefits"
csw-rule "r70" url prefix "/elabels"
csw-rule "r75" url prefix "/etraining"
csw-rule "r80" url prefix "/eordering"

!

!

!                                                                 

! HTTPS-side dispatch, attached to "port ssl" of both webtest1 and
! groupware. Each application prefix is sent to the group-id the real
! servers register for that backend port; Host-header rules r2/r3 and the
! default go to group 2 (real port 81) or group 3 (real port 82).
csw-policy "app-forward"
 match "r15" forward 11
 match "r25" forward 25
 match "r21" forward 21
 match "r30" forward 30
 match "r35" forward 35
 match "r45" forward 45
 match "r50" forward 50
 match "r55" forward 55
 match "r60" forward 60
 match "r65" forward 65
 match "r70" forward 70
! r75 (/etraining, group 75) is the only prefix that resolves to a real
! bound on the groupware virtual server.
 match "r75" forward 75
 match "r80" forward 80
! NOTE(review): r17 (/PVWeb) and r1 ("html") have no entry here, so over
! HTTPS those paths fall through to "default forward 2".
 match "r2" forward 2
 match "r3" forward 3
! NOTE(review): this default names group 2, which only the webtest1 reals
! (pvwwwt001/003 port 81) join. On the groupware virtual server no bound
! real carries group 2, so an unmatched HTTPS request there has nowhere to
! go; how the platform treats an unresolvable forward is not visible from
! this config - confirm on the device.
 default forward 2

!

! Plain-HTTP side policy, attached to "port http" of webtest1 and groupware.
! Known application prefixes are bounced to https on the same host
! ("*" "*" ssl), /PVWeb is bounced to https on PVweb.corp1.com, "html" is
! served in the clear from server-id 1218, and everything else stays on
! plaintext group 1.
csw-policy "redirect"
 match "r15" redirect "*" "*" ssl
! r17 is redirected to a different host name; that host has no entry in
! "app-forward", so it is presumably terminated elsewhere.
 match "r17" redirect "PVweb.corp1.com" "*" ssl
 match "r25" redirect "*" "*" ssl
 match "r21" redirect "*" "*" ssl
 match "r30" redirect "*" "*" ssl
 match "r35" redirect "*" "*" ssl
 match "r45" redirect "*" "*" ssl
 match "r50" redirect "*" "*" ssl
 match "r55" redirect "*" "*" ssl
! NOTE(review): 1218 is the server-id of pvwwwt001's http port only, so
! "html" traffic has a single backend and no failover to pvwwwt003.
 match "r1" forward 1218
 match "r1" rewrite request-insert client-ip
 match "r60" redirect "*" "*" ssl
 match "r65" redirect "*" "*" ssl
 match "r70" redirect "*" "*" ssl
 match "r75" redirect "*" "*" ssl
 match "r80" redirect "*" "*" ssl
! NOTE(review): anything not listed above is served over plaintext HTTP
! from group 1. This list must be kept in step with "app-forward" and with
! the group-ids on the real servers; a new application path added only on
! the backend would be reachable in the clear via this default. Also
! confirm whether "url prefix" matching is case-sensitive - if it is,
! "/Sales" would skip the redirect and reach group 1 unencrypted.
 default forward 1
 default rewrite request-insert client-ip

!

!

! First corp1 web real server. Each 80xx port is one application backend
! and registers the group-id that csw-policy "app-forward" dispatches to.
! All connections to these ports arrive via source-NAT; nothing here
! re-encrypts toward the real ports, so traffic after TLS termination is
! plaintext on 192.168.5.0/24.
server real pvwwwt001 192.168.5.40
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
! server-id 1218 is the target of "match r1 forward 1218" in csw-policy
! "redirect"; no other real carries this id.
 port http server-id 1218
 port http group-id  1 1
 port 8080
 port 8080 keepalive
 port 8080 group-id  11 11
 port 8080 url "GET /sales/includes/isalive.html"
 port 8081
 port 8081 keepalive
 port 8081 group-id  21 21
 port 8081 url "GET /finance/isalive.html"
 port 8082
 port 8082 keepalive
 port 8082 group-id  25 25
 port 8082 url "GET /edocs/isalive.html"
 port 8083
 port 8083 keepalive
 port 8083 group-id  30 30
 port 8083 url "GET /acctg/isalive.html"
 port 8084
 port 8084 keepalive
 port 8084 group-id  35 35
 port 8084 url "GET /eforms/isalive.html"
 port 8086
 port 8086 keepalive
 port 8086 group-id  45 45
 port 8086 url "GET /custdb/isalive.html"
 port 8087
 port 8087 keepalive
 port 8087 group-id  50 50
 port 8087 url "GET /estatement/isalive.html"
 port 8088
 port 8088 keepalive
 port 8088 group-id  55 55
 port 8088 url "GET /ecosts/isalive.html"
 port 8089
 port 8089 keepalive
 port 8089 group-id  60 60
! NOTE(review): this check targets "isalive.htm" while every other app uses
! "isalive.html"; confirm the file name, otherwise this port is marked down.
 port 8089 url "GET /ereports/isalive.htm"
 port 8092
 port 8092 keepalive
 port 8092 group-id  65 65
! 8092 and 8090 probe the application root rather than a dedicated
! isalive page, so the health check exercises the full app entry point.
 port 8092 url "GET /ebenefits/"
 port 8090
 port 8090 keepalive
 port 8090 group-id  70 70
 port 8090 url "GET /elabels/"
 port 8094
 port 8094 keepalive
 port 8094 group-id  80 80
 port 8094 url "GET /eordering/isalive.html"
! Port 81 (group 2) receives the Host-header and default HTTPS traffic from
! "app-forward"; it has no URL check and inherits the http port's state.
 port 81
 port 81 group-id  2 2

!

! Second corp1 web real server; mirrors pvwwwt001 port-for-port so the
! application groups (11..80) have two members each.
server real pvwwwt003 192.168.5.50
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
! NOTE(review): server-id 1211 is not referenced by any csw-policy in this
! config (only 1218 on pvwwwt001 is), so "html" requests never reach this
! server.
 port http server-id 1211
 port http group-id  1 1
 port 8080
 port 8080 keepalive
 port 8080 group-id  11 11
 port 8080 url "GET /sales/includes/isalive.html"
 port 8082
 port 8082 keepalive
 port 8082 group-id  25 25
 port 8082 url "GET /edocs/isalive.html"
 port 8081
 port 8081 keepalive
 port 8081 group-id  21 21
 port 8081 url "GET /finance/isalive.html"
 port 8083
 port 8083 keepalive
 port 8083 group-id  30 30
 port 8083 url "GET /acctg/isalive.html"
 port 8084
 port 8084 keepalive
 port 8084 group-id  35 35
 port 8084 url "GET /eforms/isalive.html"
 port 8086
 port 8086 keepalive
 port 8086 group-id  45 45
 port 8086 url "GET /custdb/isalive.html"
 port 8087
 port 8087 keepalive
 port 8087 group-id  50 50
 port 8087 url "GET /estatement/isalive.html"
 port 8088
 port 8088 keepalive
 port 8088 group-id  55 55
 port 8088 url "GET /ecosts/isalive.html"
 port 8089
 port 8089 keepalive
 port 8089 group-id  60 60
! NOTE(review): "isalive.htm" (no "l") - same spelling as on pvwwwt001;
! confirm the file exists under that name.
 port 8089 url "GET /ereports/isalive.htm"
 port 8092
 port 8092 keepalive
 port 8092 group-id  65 65
 port 8092 url "GET /ebenefits/"
 port 8090
 port 8090 keepalive
 port 8090 group-id  70 70
 port 8090 url "GET /elabels/"
 port 8094
 port 8094 keepalive
 port 8094 group-id  80 80
 port 8094 url "GET /eordering/isalive.html"
! Port 81 (group 2): Host-header/default HTTPS traffic; state follows the
! http port.
 port 81
 port 81 group-id  2 2

!

! Off-subnet (192.168.4.0/24) real server for the "salestest" virtual
! server; reached through the default gateway, so this traffic leaves the
! local segment unencrypted. Only a plain "GET /" check guards it.
server remote-name pvwwwt002 192.168.4.70
 source-nat
 port http
 port http keepalive
 port http url "GET /"

!                                                                 

! Second off-subnet real server for "salestest" (see pvwwwt002); plaintext
! HTTP via the gateway, "GET /" health check only.
server remote-name pvwwwt004 192.168.4.71
 source-nat
 port http
 port http keepalive
 port http url "GET /"

!

! First groupware real server. Only two groups are registered here, so of
! the shared "app-forward" policy only r75 (group 75) and r3 (group 3)
! resolve to this server; the policy's "default forward 2" has no member
! on the groupware virtual server.
server real t001-groupware 192.168.5.101
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
 port http group-id  1 1
 port 8093
 port 8093 keepalive
 port 8093 group-id  75 75
 port 8093 url "GET /etraining/isalive.html"
! Port 82 (group 3) takes Host "webtest.corp1groupware.com" traffic over
! HTTPS; no URL check, state follows the http port.
 port 82
 port 82 group-id  3 3

!

! Second groupware real server; mirrors t001-groupware (groups 1, 75, 3).
! As with its peer, group 2 - the "app-forward" default - is not joined.
server real t003-groupware 192.168.5.102
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
 port http group-id  1 1
 port 8093
 port 8093 keepalive
 port 8093 group-id  75 75
 port 8093 url "GET /etraining/isalive.html"
! Port 82 (group 3): Host-header routed HTTPS traffic; no URL check.
 port 82
 port 82 group-id  3 3

!

!

! Front-end VIP for the corp1 applications. The plain-HTTP port is mostly a
! redirector (csw-policy "redirect"); the applications themselves are
! served on port ssl, terminated with profile corp1-ssl and dispatched by
! csw-policy "app-forward".
server virtual webtest1 192.168.5.61
 port default sticky
 port http
! Cookie persistence for the plain-HTTP side only. NOTE(review): nothing
! here marks the cookie Secure/HttpOnly; check what the platform emits.
 port http cookie-name "ServerID"
 port http csw-policy "redirect"
 port http csw
! The client address is passed to the backend on the HTTP port only.
 port http request-insert client-ip "X-Forwarded-For"
 port ssl sticky
 port ssl ssl-terminate corp1-ssl
 port ssl csw-policy "app-forward"
 port ssl csw
! NOTE(review): there is no request-insert client-ip on port ssl and
! "app-forward" carries no rewrite for it, so HTTPS requests reach the real
! servers from the for-ssl SNAT addresses (192.168.5.63/.64) with no
! X-Forwarded-For - the applications holding the sensitive data lose the
! client IP in their logs. Consider mirroring the http line on port ssl,
! e.g. port ssl request-insert client-ip "X-Forwarded-For" (confirm the
! keyword is accepted on an ssl-terminated port in this release).
 bind http pvwwwt001 http pvwwwt003 http
! Port ssl is terminated here and handed to the plaintext real ports below;
! nothing re-encrypts toward the backends.
 bind ssl pvwwwt001 81 real-port http pvwwwt003 81 real-port http pvwwwt001 8080 pvwwwt003 8080
 bind ssl pvwwwt001 8081 pvwwwt003 8081 pvwwwt001 8082 pvwwwt003 8082
 bind ssl pvwwwt001 8083 pvwwwt003 8083 pvwwwt001 8084 pvwwwt001 8087
 bind ssl pvwwwt003 8087 pvwwwt001 8088 pvwwwt003 8088 pvwwwt003 8084
 bind ssl pvwwwt001 8086 pvwwwt003 8086 pvwwwt001 8089 pvwwwt003 8089
 bind ssl pvwwwt001 8092 pvwwwt003 8092 pvwwwt001 8090 pvwwwt003 8090
 bind ssl pvwwwt001 8094 pvwwwt003 8094

!

! Plain-HTTP-only VIP (no port ssl, no csw, no X-Forwarded-For) in front of
! the two off-subnet remote-name servers. NOTE(review): if this carries
! sales data like the /sales application on webtest1, it has none of the
! HTTPS redirect protection applied there.
server virtual salestest 192.168.5.67
 port default sticky
 port http
 bind http pvwwwt002 http pvwwwt004 http

!

! Groupware VIP. Same layout as webtest1: plain HTTP runs the "redirect"
! policy, port ssl terminates with profile "groupware" and dispatches via
! the shared "app-forward" policy.
server virtual groupware 192.168.5.100
 port default sticky
 port http
! NOTE(review): cookie Secure/HttpOnly flags are not controllable here;
! check what the platform emits.
 port http cookie-name "ServerID"
 port http csw-policy "redirect"
 port http csw
 port http request-insert client-ip "X-Forwarded-For"
 port ssl sticky
 port ssl ssl-terminate groupware
! NOTE(review): "app-forward" ends in "default forward 2", but the reals
! bound below only join groups 75 and 3. Any HTTPS request that is not
! /etraining or Host webtest.corp1groupware.com therefore has no bound
! backend on this VIP; verify how the unit handles that case.
 port ssl csw-policy "app-forward"
 port ssl csw
! NOTE(review): as on webtest1, port ssl inserts no X-Forwarded-For, so the
! backend sees only the for-ssl SNAT addresses for HTTPS clients.
 bind http t001-groupware http t003-groupware http
 bind ssl t001-groupware 8093 t003-groupware 8093 t001-groupware 82 real-port http t003-groupware 82 real-port http

!

!

!

!

!

! All data-plane ports (VIPs, reals, management) share the default VLAN;
! there is no separate management VLAN in this config.
vlan 1 name DEFAULT-VLAN by port
 no spanning-tree
!
! Hot-standby sync VLAN, untagged on the ethe 3-4 trunk only. Nothing else
! should be patched into these ports (sync traffic is not protected).
vlan 100 name HOT-SYNC by port
 untagged ethe 3 to 4
 no spanning-tree

!

!

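! Local AAA for web-UI and CLI logins. NOTE(review): no "username" entries
! appear anywhere in this listing - either they were stripped before
! posting or local authentication has no accounts behind it; confirm on the
! device.
aaa authentication web-server default local
aaa authentication login default local
! Console logins bypass AAA entirely; acceptable only while physical access
! to the console port is controlled.
no enable aaa console
hostname foundry1
! The management address sits in the same /24 as the VIPs and real servers;
! there is no out-of-band or separate management network here.
ip address 192.168.5.60 255.255.255.0
ip default-gateway 192.168.5.1
ip dns domain-name corp1.com
ip dns server-address 192.168.1.11 192.168.1.10
! Only an in-memory buffer of 1000 entries and no remote syslog host, so
! events are lost on reboot or wrap. Add a remote logging target before
! relying on this unit for incident reconstruction.
logging buffered 1000
! NOTE(review): cleartext Telnet is enabled alongside SSH (ip ssh below).
! Disable it ("no telnet server") once SSH access has been verified, and
! restrict management sources with an access-group if this release
! supports one.
telnet server
! NOTE(review): SNMP is enabled with no community string shown on this
! page; if none is set, whatever default the platform uses applies. Set a
! non-default read-only community (or SNMPv3 if available) plus an access
! list before exposing it.
snmp-server
clock summer-time
clock timezone us Central
! No time source (sntp/ntp) appears in this listing; without one, log
! timestamps cannot be correlated with other systems.
! NOTE(review): the web UI is served over plain HTTP as written (no https
! keyword); disable it or move it to HTTPS if the release supports that.
web-management
!
!
!
!
! Idle SSH sessions now time out after 10 minutes instead of 240, limiting
! how long an unattended admin session stays usable.
ip ssh idle-time 10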

!

!

end
