- Preface
- Using the WAAS Command-Line Interface
- Cisco WAAS Software Command Summary
- CLI Commands
- EXEC Mode Commands
- Global Configuration Mode Commands
- Interface Configuration Mode Commands
- Standard ACL Configuration Mode Commands
- Extended ACL Configuration Mode Commands
- Preposition Configuration Mode Commands
- PKI Certification Authority Configuration Mode Commands
- PKI Global Settings Configuration Mode Commands
- SSL Accelerated Service Configuration Mode Commands
- SSL Cipher List Configuration Mode Commands
- SSL Global Service Configuration Mode Commands
- SSL Host Peering Service Configuration Mode Commands
- SSL Management Service Configuration Mode Commands
- WCCP Configuration Mode Commands
- Service Context Configuration Mode Commands
- Service Node Group Configuration Mode Commands
- Service Node Configuration Mode Commands
- Service Context Configuration Mode Commands
- Class Map Configuration Mode Commands
- Policy Map Configuration Mode Commands
- Policy Map Class Configuration Mode Commands
- Acronyms and Abbreviations
- Command Summary by Mode
- (config-ssl-accelerated) cipher-list
- (config-ssl-accelerated) client-cert-key
- (config-ssl-accelerated) client-cert-verify
- (config-ssl-accelerated) client-version-rollback-check
- (config-ssl-accelerated) description
- (config-ssl-accelerated) inservice
- (config-ssl-accelerated) protocol-chaining enable
- (config-ssl-accelerated) server-cert-key
- (config-ssl-accelerated) server-cert-verify
- (config-ssl-accelerated) server-domain
- (config-ssl-accelerated) server-ip
- (config-ssl-accelerated) server-name
- (config-ssl-accelerated) version
SSL Accelerated Service Configuration Mode Commands
SSL accelerated services lets you enable and configure SSL acceleration on your WAAS system, and define services to be accelerated on the SSL path. To configure secure socket layer (SSL) encryption accelerated services on a WAAS device, use the crypto ssl services accelerated-service global configuration command. To delete a parameter use the no form of the command.
crypto ssl service accelerated-service < service-name> match sni
no crypto ssl service accelerated-service < service-name> match sni
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
Use the crypto ssl services accelerated-service command to add and configure an accelerated service. The crypto ssl services accelerated-service command initiates accelerated service configuration mode, as indicated by the following prompt:
Within SSL accelerated service configuration mode, you can use SSL accelerated service configuration commands. To return to global configuration mode, enter exit at the accelerated service configuration mode prompt.
Examples
The following example shows how to create or edit an accelerated service called myservice. If the service is already established on the WAAS device, the crypto ssl services accelerated-service command edits it. If the service does not exist, the crypto ssl services accelerated-service command creates it:
Related Commands
(config-ssl-accelerated) cipher-list
(config-ssl-accelerated) client-cert-key
(config-ssl-accelerated) client-cert-verify
(config-ssl-accelerated) client-version-rollback-check
(config-ssl-accelerated) description
(config-ssl-accelerated) inservice
(config-ssl-accelerated) server-cert-key
(config-ssl-accelerated) server-cert-verify
(config-ssl-accelerated) server-domain
(config-ssl-accelerated) server-ip
(config-ssl-accelerated) cipher-list
To configure secure socket layer (SSL) encryption cipher lists on a WAAS device, use the cipher-list command. To delete a cipher list use the no form of the command.
no cipher-list cipher-list-name
Syntax Description
Name of the cipher list you want to create or edit. The cipher list name may contain up to 64 characters. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Usage Guidelines
A cipher list is customer list of cipher suites that you assign to an SSL connection. (See the SSL Cipher List Configuration Mode Commands chapter for more information.)
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then create or edit a cipher list called myciphers. If the cipher list is already established on the WAAS device, the cipher-list command edits it. If the cipher list does not exist, the cipher-list command creates it:
Related Commands
(config-ssl-accelerated) client-cert-key
To configure a certificate and private key, use the client-cert-key command.
Syntax Description
Filename of the certificate and key. Must be in PKCS#12 and have a “.p12” extension. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then import a certificate and key:
Related Commands
(config-ssl-accelerated) client-cert-verify
To enable verification of client certificates, use the client-cert-verify command.
client-cert-verify [revocation-check none]
Syntax Description
(Optional) Specifies a revocation check null method that returns revocation success. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Usage Guidelines
If the server and client devices are using self-signed certificates and certificate verification is enabled, WAAS devices will not be able to accelerate SSL traffic.
To disable OCSP certificate revocation checking, set the revocation check value to none.
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then set the revocation check method to none:
Related Commands
(config-ssl-accelerated) client-version-rollback-check
To disable the client SSL version rollback check, use the client-version-rollback-check command.
client-version-rollback-check disable
Syntax Description
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Usage Guidelines
If a non-RFC 2246 compliant client passes the incorrect client version in the SSL message, a bad record MAC SSL handshake failure may occur. The SSL accelerator terminates such connections. In this case, you can disable the client version rollback check which allows these connections to be optimized.
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then disable the client SSL version rollback check:
Related Commands
(config-ssl-accelerated) description
To add a description of the SSL accelerated service, use the description command.
Syntax Description
String that is the description of the SSL accelerated service. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then a description of the accelerated service:
Related Commands
(config-ssl-accelerated) inservice
To enable the accelerated service, use the inservice command.
Syntax Description
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then enable the accelerated service:
Related Commands
(config-ssl-accelerated) protocol-chaining enable
To enable the accelerated service, use the protocol-chaining enable command. To disable this accelerated service, use the no form of this command.
Syntax Description
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then enable the protocol chaining:
(config-ssl-accelerated) server-cert-key
To configure a certificate and private key, use the server-cert-key command.
Syntax Description
Filename of the certificate and key. Must be in PKCS#12 and have a “.p12” extension. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then import a certificate and key:
Related Commands
(config-ssl-accelerated) server-cert-verify
To enable verification of server certificates, use the server-cert-verify command.
server-cert-verify [revocation-check none]
Syntax Description
(Optional) Specifies a revocation check null method that returns revocation success. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Usage Guidelines
If the server and client devices are using self-signed certificates and certificate verification is enabled, WAAS devices will not be able to accelerate SSL traffic.
To disable OCSP certificate revocation checking, set the revocation check value to none.
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then set the revocation check method to none:
Related Commands
(config-ssl-accelerated) server-domain
To configure the accelerated server domain and TCP port, use the server-domain command.
server-domain srv-domain {port port-no}
Syntax Description
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then set the accelerated server domain name and port:
Related Commands
(config-ssl-accelerated) server-ip
To configure the accelerated server IP address and TCP port, use the server-ip command.
server-ip ip-address {port port-no}
Syntax Description
Specifies the port number of the accelerated server. Range is 1 to 65535. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then set the accelerated server IP address and port:
Related Commands
(config-ssl-accelerated) server-name
To configure the accelerated server hostname and TCP port, use the server-name command.
server-name hostname {port port-no}
Syntax Description
Specifies the hostname of the accelerated server. 255 alphanumeric characters max, 63 characters per label/segment. |
|
Specifies the port number of the accelerated server. Range is 1 to 65535. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then set the accelerated server name and port:
Related Commands
(config-ssl-accelerated) version
To specify the type of SSL protocol to use for accelerated services, use the version command.
Syntax Description
Specifies SSL3 for the SSL version 3 protocol, TLS1 for the Transport Layer Security version 1 protocol, or All to use both SSL3 and TLS1 SSL protocols. |
Defaults
Command Modes
SSL accelerated service configuration
Device Modes
Examples
The following example shows how to enter SSL accelerated service configuration mode, and then set the protocol to SSL version 3: