TCP Timeout on backend sessions

Unanswered Question

We are using the CSS5-SSL-C-K9 module.

We use front-end and back-end ssl sessions for our https app.

i.e. :

browser -- ssl traffic -- sslrule -- K9cardfrontserver -- contentrule -- K9cardbackendserver -- realbackendserver.

We specify flow-timeout-multiplier 400 to avoid timing out the flows for the content rules.

But we still see the backend tcp session being closed after about 4-5 mins of idle i.e. server sleeps before response.

We do not want this to time out.

Any ideas what could be missing ??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Tue, 10/09/2007 - 23:40
User Badges:
  • Cisco Employee,

the flow timeout command is for the css not to delete the flow.

But the SSL module as also its own timeouts.

CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 tcp ?


inactivity-timeout Specify the server-side SSL TCP inactivity timeout

The default is 240 sec.

You can increase it to 3600 sec max.

The same command exist for the front-end connection.



This Discussion