cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
670
Views
5
Helpful
6
Replies

CSS ASR question

stephen.baugh
Level 1
Level 1

Hi

Could anyone tell me if HTTPS sessions are syncronized to the redundant CSS, I couldn't find any definitive that helps

Cheers

6 Replies 6

Gilles Dufour
Cisco Employee
Cisco Employee

only the tcp part of the https connection is replicated to the standby unit.

So, if ssl is terminated on the server then the failover will be transparent.

If ssl is terminated on the CSS itself, then a failover will break the ssl connection.

Gilles.

Jose Garcia
Level 1
Level 1

Hi,

Well about the ASR it will synch the active connections on normal HTTP, but when dealing with HTTPS the connection requires a secure handshake that involves certificates & keys, once this tunnel is open it cannot be replicated to the backup box (for secure reasons basically).

So when the ASR fails over, all the SSL/TLS active connections will have to renegotiate on the second box.

Thanks.

Josega.

Hi

So all https sessions that terminate on a server wont be replicated to the standby box

Cheers

Stephen

The HTTPS sessions terminated on the servers will be replicated on the standby box.

The HTTPS sessions terminated on the CSS will not be replicated to the standby box.

Thanks.

Josega

I do't think so.

If your CSS is doing the termination SSL then all ssl connections will be lost, but if your server is terminating, and failure occur on the CSS, the flows are replicated to the backup CSS.

If the failure occur on one of the servers, the connection with that server will be lost.

David

you're rigth josega

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: