Gilles Dufour Tue, 07/03/2007 - 07:15
User Badges:
  • Cisco Employee,

Only the TCP part of the HTTPS connection is replicated to the standby unit.

So, if SSL is terminated on the server, then the failover will be transparent.

If SSL is terminated on the CSS itself, then a failover will break the SSL connection.


Gilles.

Jose Garcia Tue, 07/03/2007 - 07:15

Hi,


Well, about the ASR: it will sync the active connections on normal HTTP, but when dealing with HTTPS the connection requires a secure handshake that involves certificates and keys. Once this tunnel is open, it cannot be replicated to the backup box (for security reasons, basically).



So when the ASR fails over, all the SSL/TLS active connections will have to renegotiate on the second box.


Thanks.

Josega.

stephen.baugh Tue, 07/03/2007 - 10:30

Hi


So all HTTPS sessions that terminate on a server won't be replicated to the standby box.


Cheers

Stephen

Jose Garcia Tue, 07/03/2007 - 10:41


The HTTPS sessions terminated on the servers will be replicated on the standby box.


The HTTPS sessions terminated on the CSS will not be replicated to the standby box.


Thanks.

Josega

dalmada Tue, 07/03/2007 - 10:44

I don't think so.

If your CSS is doing the SSL termination, then all SSL connections will be lost; but if your server is terminating and a failure occurs on the CSS, the flows are replicated to the backup CSS.


If the failure occurs on one of the servers, the connection with that server will be lost.


David
