I've been troubleshooting a problem for some time now. We have a Cat6500 with Sup720, CSM version 4.2.5 and SSL version 2.1(10). My users are accessing our intranet like this:
Client Vlan -> FWSM -> CSM Vlan -> SSL -> CSM -> Intranet servers. The communication between the CSM and the SSL is layer 2 but everything else is routed layer 3.
When I use Ethereal to sniff the CSM/SSL Vlan I notice some occasional TCP-out-of-order messages, around 1 per 10-20 packets. But when I turn on SSL cookie stickiness on the virtual server that responds to HTTPS traffic from the users and directs this to the SSL modules, I notice a sharp increase in the amount of TCP retransmissions and out-of-order messages. They increase to around 4-7 per 10 packets. At the same time as this is happening I get reports of users getting "page cannot be displayed" when their browsers are sending POST messages to the intranet.
I've read the release note for SSL module 2.1(10) and noticed that this was an issue that was supposed to be solved. I don't however think this is related since everything is fine until I turn on SSL cookie sticky on the CSM.