TCP Timeout on backend sessions

Unanswered Question

We are using the CSS5-SSL-C-K9 module.


We use front-end and back-end ssl sessions for our https app.


i.e. :

browser -- ssl traffic -- sslrule -- K9cardfrontserver -- contentrule -- K9cardbackendserver -- realbackendserver.



We specify flow-timeout-multiplier 400 to avoid timing out the flows for the content rules.


But we still see the backend tcp session being closed after about 4-5 mins of idle i.e. server sleeps before response.


We do not want this to time out.


Any ideas what could be missing ??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Tue, 10/09/2007 - 23:40
User Badges:
  • Cisco Employee,

the flow timeout command is for the css not to delete the flow.

But the SSL module as also its own timeouts.


CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 tcp ?

...

inactivity-timeout Specify the server-side SSL TCP inactivity timeout


The default is 240 sec.


You can increase it to 3600 sec max.

The same command exist for the front-end connection.


Gilles.

Actions

This Discussion