!Using 7149 out of 393214 bytes
!
! Software release this configuration was saved from.
! NOTE(review): confirm this release is still vendor-supported and patched before
! reusing the configuration as a template.
ver 10.1.00TI2
!
!
!
!
!
!
! SSL profiles. Each one names a key pair file and a certificate chain file, and is
! referenced by a "port ssl ssl-terminate <profile>" line on a virtual server.
! NOTE(review): the "-ssh" suffix is only a label; these are SSL termination profiles,
! not SSH settings.
! NOTE(review): "cipher-suite all-cipher-suites" places no restriction on cipher choice,
! so any weak or legacy suite this release supports can be negotiated. Prefer an
! explicit list of strong suites; check which suite names this release accepts.
! NOTE(review): profile siteB-ssh uses key/certificate names (collegeplace-*) that do not
! follow the profile name as the other two do - confirm the intended certificate is bound.
! NOTE(review): "session-cache off" presumably disables SSL session reuse - confirm.
ssl profile pvalentino-ssh
keypair-file pvalentino-key
certificate-file pvalentinochain
cipher-suite all-cipher-suites
session-cache off
ssl profile siteC-ssh
keypair-file siteC-key
certificate-file siteCchain
cipher-suite all-cipher-suites
session-cache off
ssl profile siteB-ssh
keypair-file collegeplace-key
certificate-file collegeplacechain
cipher-suite all-cipher-suites
session-cache off
!
! Global server settings: shutdown behaviour, port profiles and source-NAT addresses.
! NOTE(review): "no-graceful-shutdown" presumably removes a server from service without
! draining existing sessions - confirm against the release documentation.
server no-graceful-shutdown
!
!
!
!
! Port profiles: one per application port used by the real and remote servers below.
! NOTE(review): port 80 is the only profile that also lists "udp". HTTP needs TCP only,
! so confirm the UDP entry is intentional.
server port 80
tcp
udp
server port 8080
tcp
server port 8081
tcp
server port 8083
tcp
server port 8084
tcp
server port 8085
tcp
server port 8087
tcp
server port 8089
tcp
server port 8090
tcp
server port 8086
tcp
! Source-NAT addresses (address, mask, gateway); the second entry is flagged "for-ssl".
! NOTE(review): servers marked "source-nat" presumably see these addresses instead of
! the client's. Nothing in this listing passes the original client address on, so
! back-end access logs and IP-based controls may only see 192.168.5.62/.63 - confirm.
server source-nat-ip 192.168.5.62 255.255.255.0 192.168.5.1 port-range 2
server source-nat-ip 192.168.5.63 255.255.255.0 192.168.5.1 port-range 2 for-ssl
!
!
! Content-switching rules: match application traffic by URL prefix.
! Rules r1-r16 are referenced by name in the csw-policy sections.
! NOTE(review): these are prefix matches, so presumably "/server" also matches any
! longer path that merely starts with those characters (same for "/office", "/forms",
! etc.). Confirm whether a trailing "/" is wanted to avoid unintended matches.
! NOTE(review): r12 matches "/servletMaile", while the health check on wls-server port
! 8090 requests "/servletMailer/index.html". The prefix still covers that path, but it
! looks truncated - confirm.
csw-rule "r1" url prefix "/server"
csw-rule "r10" url prefix "/ftpadmin"
csw-rule "r11" url prefix "/projects"
csw-rule "r12" url prefix "/servletMaile"
csw-rule "r13" url prefix "/addbook"
csw-rule "r14" url prefix "/office"
csw-rule "r15" url prefix "/pvapp"
csw-rule "r16" url prefix "/siteB"
csw-rule "r2" url prefix "/albums"
csw-rule "r3" url prefix "/wages"
csw-rule "r4" url prefix "/forms"
csw-rule "r5" url prefix "/tickets"
csw-rule "r6" url prefix "/purchasing"
csw-rule "r7" url prefix "/statements"
csw-rule "r8" url prefix "/reports"
csw-rule "r9" url prefix "/labels"
!
!
! Redirect all application traffic arriving over HTTP to SSL, which is terminated on the 4G.
! Applied to "port http" of virtual server webtest1. Every rule r1-r16 has a redirect entry.
! NOTE(review): the policy has no "default" entry, so an HTTP request that matches none
! of the prefixes is presumably not redirected and is served in cleartext by the servers
! bound to port http - confirm this is intended.
csw-policy "redirect"
match "r3" redirect "*" "*" ssl
match "r4" redirect "*" "*" ssl
match "r5" redirect "*" "*" ssl
match "r6" redirect "*" "*" ssl
match "r7" redirect "*" "*" ssl
match "r8" redirect "*" "*" ssl
match "r9" redirect "*" "*" ssl
match "r10" redirect "*" "*" ssl
match "r11" redirect "*" "*" ssl
match "r12" redirect "*" "*" ssl
match "r13" redirect "*" "*" ssl
match "r14" redirect "*" "*" ssl
match "r2" redirect "*" "*" ssl
match "r1" redirect "*" "*" ssl
match "r15" redirect "*" "*" ssl
match "r16" redirect "*" "*" ssl
! Forward application traffic to the corresponding app servers.
! Applied to "port ssl" of virtual server webtest1. The number after "forward" matches
! the "group-id" values on the remote servers: 2-10 are wls-server ports and 11 is
! appsrvt port 8080.
! NOTE(review): r16 ("/siteB") shares group 8 with r12; group 8 is wls-server port 8090,
! whose health check requests /servletMailer/index.html - confirm this mapping.
! NOTE(review): "default forward 4" sends every request that matches no rule to group 4
! (wls-server port 8081), so presumably any path on that instance is reachable through
! the virtual server, not only the listed prefixes. Confirm this is intended, or point
! the default at a server that serves only an error page.
csw-policy "wls_forward"
match "r1" forward 2
match "r3" forward 4
match "r4" forward 4
match "r5" forward 4
match "r6" forward 4
match "r7" forward 4
match "r8" forward 5
match "r9" forward 6
match "r10" forward 7
match "r11" forward 7
match "r12" forward 8
match "r13" forward 9
match "r14" forward 10
match "r2" forward 3
match "r15" forward 11
match "r16" forward 8
default forward 4
!
!
! Real servers, all in the same 192.168.5.0/24 subnet as the load balancer's own address.
! Each defines port http and port 8080 with keepalive and an HTTP GET health check, and
! is marked "source-nat".
! NOTE(review): pvweb001 and pvweb003 give port 8080 group-id 1, but no csw-policy in
! this listing forwards to group 1 and no bind uses their port 8080. Confirm the port
! is still needed; unused listeners are best removed.
server real pvweb001 192.168.5.40
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 group-id 1 1
port 8080 url "GET /"
!
server real pvweb003 192.168.5.50
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 group-id 1 1
port 8080 url "GET /"
!
! Back ends for virtual server siteB: port http serves the HTTP side, port 8080 the SSL side.
server real webtest.siteB.com 192.168.5.41
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 url "GET /"
!
server real webtest.siteB.com2 192.168.5.51
source-nat
port http
port http keepalive
port http url "GET /"
port 8080
port 8080 keepalive
port 8080 url "GET /"
!
! Back ends for virtual server siteC; the health check requests /labels/index.htm.
server real webtest.siteC.com 192.168.5.42
source-nat
port http
port http keepalive
port http url "GET /labels/index.htm"
port 8080
port 8080 keepalive
port 8080 url "GET /labels/index.htm"
!
server real webtest.siteC.com2 192.168.5.52
source-nat
port http
port http keepalive
port http url "GET /labels/index.htm"
port 8080
port 8080 keepalive
port 8080 url "GET /labels/index.htm"
!
! Remote server wls-server: one address with nine application ports, each in its own
! group (2-10), which csw-policy "wls_forward" targets by number. Each health check is
! an HTTP GET of an application page.
! NOTE(review): 192.168.17.68 is outside the load balancer's 192.168.5.0/24 subnet, and
! SSL is terminated on the device. Traffic to these ports is therefore presumably
! unencrypted HTTP over a routed path - confirm that path is trusted or otherwise protected.
! NOTE(review): port 8081 (group 4, also the policy's default target) is the only port
! without a "url" health check. Presumably only the plain keepalive applies, so an
! application-level failure there may go undetected - confirm.
! NOTE(review): there is a single server behind all nine groups, so there is no
! redundancy for these applications in this listing.
server remote-name wls-server 192.168.17.68
source-nat
port 8080
port 8080 keepalive
port 8080 group-id 2 2
port 8080 url "GET /server/login.jsp"
port 8086
port 8086 keepalive
port 8086 group-id 3 3
port 8086 url "GET /albums/default.htm"
port 8081
port 8081 keepalive
port 8081 group-id 4 4
port 8083
port 8083 keepalive
port 8083 group-id 5 5
port 8083 url "GET /reports/login.jsp"
port 8084
port 8084 keepalive
port 8084 group-id 6 6
port 8084 url "GET /labels/index.htm"
port 8087
port 8087 keepalive
port 8087 group-id 7 7
port 8087 url "GET /ftpadmin/index.jsp"
port 8090
port 8090 keepalive
port 8090 group-id 8 8
port 8090 url "GET /servletMailer/index.html"
port 8089
port 8089 keepalive
port 8089 group-id 9 9
port 8089 url "GET /addbook/start.do"
port 8085
port 8085 keepalive
port 8085 group-id 10 10
port 8085 url "GET /office/login.jsp"
!
! Remote servers in 192.168.4.0/24, outside the load balancer's own subnet.
! pvweb002 and pvweb004 serve port http for virtual server pvapptest.
! NOTE(review): only plain HTTP is defined towards these servers, and the traffic
! crosses a routed path - confirm that path is trusted or otherwise protected.
server remote-name pvweb002 192.168.4.70
source-nat
port http
port http keepalive
port http url "GET /"
!
server remote-name pvweb004 192.168.4.71
source-nat
port http
port http keepalive
port http url "GET /"
!
! appsrvt: port 8080 is group 11, the target of rule r15 ("/pvapp") in csw-policy
! "wls_forward". The health check requests /pvapp/home.do.
server remote-name appsrvt 192.168.4.17
source-nat
port 8080
port 8080 keepalive
port 8080 group-id 11 11
port 8080 url "GET /pvapp/home.do"
!
!
! Virtual server webtest1 (192.168.5.61).
! port http: content switching with csw-policy "redirect"; bound to pvweb001/pvweb003 http.
! port ssl: SSL terminated with profile pvalentino-ssh, then content switching with
! csw-policy "wls_forward"; bound to the wls-server application ports and appsrvt 8080.
! NOTE(review): HTTP requests that match no rule in "redirect" are presumably served in
! cleartext by pvweb001/pvweb003 - confirm nothing sensitive is reachable that way.
! NOTE(review): "sticky" presumably enables client persistence - confirm.
server virtual webtest1 192.168.5.61
port default sticky
port http
port http reset-on-port-fail
port http csw-policy "redirect"
port http csw
port ssl sticky
port ssl ssl-terminate pvalentino-ssh
port ssl reset-on-port-fail
port ssl csw-policy "wls_forward"
port ssl csw
bind http pvweb001 http pvweb003 http
bind ssl wls-server 8080 wls-server 8086 wls-server 8081 wls-server 8083
bind ssl wls-server 8084 wls-server 8087 wls-server 8085 wls-server 8089
bind ssl wls-server 8090 appsrvt 8080
!
! Virtual servers siteB (192.168.5.65) and siteC (192.168.5.66).
! Both bind port http to the real servers' port http, and port ssl to their port 8080
! after SSL termination with the matching profile.
! NOTE(review): unlike webtest1, neither has a csw-policy on port http, so nothing here
! redirects HTTP to SSL. Presumably each site stays fully reachable in cleartext
! alongside the SSL listener - confirm this is intended.
server virtual siteB 192.168.5.65
port default sticky
port http
port http reset-on-port-fail
port ssl sticky
port ssl ssl-terminate siteB-ssh
port ssl reset-on-port-fail
bind http webtest.siteB.com http webtest.siteB.com2 http
bind ssl webtest.siteB.com 8080 webtest.siteB.com2 8080
!
server virtual siteC 192.168.5.66
port default sticky
port http
port http reset-on-port-fail
port ssl sticky
port ssl ssl-terminate siteC-ssh
port ssl reset-on-port-fail
bind http webtest.siteC.com http webtest.siteC.com2 http
bind ssl webtest.siteC.com 8080 webtest.siteC.com2 8080
!
! Virtual server pvapptest (192.168.5.67): HTTP only, bound to remote servers
! pvweb002/pvweb004.
! NOTE(review): no "port ssl" is defined, so this service is offered only in cleartext.
! Confirm it carries no credentials or other sensitive data.
server virtual pvapptest 192.168.5.67
port default sticky
port http
port http reset-on-port-fail
bind http pvweb002 http pvweb004 http
!
!
!
!
!
! VLANs: the default VLAN 1, plus VLAN 2 carried tagged on ethernet port 4.
! Spanning tree is disabled on both.
! NOTE(review): with spanning tree off, the device presumably takes no part in layer-2
! loop prevention - confirm the attached switches handle this.
! NOTE(review): no untagged member ports are listed for VLAN 2, and the listing does
! not show which addresses live in it - confirm its purpose.
vlan 1 name DEFAULT-VLAN by port
no spanning-tree
!
vlan 2 by port
tagged ethe 4
no spanning-tree
!
!
! Management plane: authentication, addressing, logging and management services.
! NOTE(review): the management address 192.168.5.60 is in the same subnet as the
! virtual servers (192.168.5.61-.67) and the real servers, and the listing shows no
! access restriction on telnet, web management or SNMP. Presumably any host that can
! reach the service subnet can reach the management services - confirm, and restrict
! management access to an administrative network.
!
! Web management and login sessions authenticate against the local user database.
aaa authentication web-server default local
aaa authentication login default local
! NOTE(review): presumably exempts the console from AAA for enable access - confirm.
no enable aaa console
hostname pvlbs-4G1
ip address 192.168.5.60 255.255.255.0
ip default-gateway 192.168.5.1
ip dns domain-name pvalentino.org
ip dns server-address 192.168.1.11 192.168.1.10
! NOTE(review): only a local log buffer is configured and no remote log host is visible,
! so log entries are presumably unavailable for central review and lost with the buffer.
logging buffered 1000
! NOTE(review): telnet carries credentials and session contents in cleartext; prefer SSH
! for remote CLI access and disable telnet where the release allows.
telnet server
! The password value is elided in this listing. Keep it elided in any published copy.
username pvalentino password .....
! NOTE(review): SNMP is enabled but no community or access settings are shown - confirm
! that default community strings are not in use.
snmp-server
! NOTE(review): no network time source is visible, so log timestamps depend on the
! local clock - confirm.
clock summer-time
clock timezone us Central
! NOTE(review): enables the web management interface. The listing does not show whether
! it is restricted to HTTPS - confirm, since local credentials are used to log in.
web-management
!
!
!
!
!
!
end