06-08-2010 06:07 AM
hi everyone
I enable SSL optimized function and it work fine
but I have a question
in my environment, most SSL tcp session size is under 10 KB
so when small size tcp session optimized by waas
it's optimized bytes is bigger than original byte
so, does waas have the function that if the tcp session original size under 10KB
it only opimize in TFO or pass-through it
on the contrary, if tcp session original size is bigger than10KB
it will full optimzed
does waas has this function ??
thanks
06-08-2010 06:53 AM
WAAS does not have the function you describe.
Can you provide the sh stat conn detail statistics from one of these connections?
Thanks,
Zach
06-08-2010 07:25 AM
06-09-2010 06:04 AM
Notice the highlighted line in the output you provided:
Core-WAE#sh stat con detail server-port 443
Connection Id: 852083
Peer Id: 00:14:5e:85:26:c3
Connection Type: EXTERNAL SERVER
Start Time: Tue Jun 8 09:29:29 2010
Source IP Address: 2.2.2.2
Source Port Number: 2930
Destination IP Address: 1.1.1.1
Destination Port Number: 443
Application Name: SSL
Classifier Name: HTTPS
Map Name: basic
Directed Mode: FALSE
Preposition Flow: FALSE
Policy Details:
Configured: TCP_OPTIMIZE + DRE + LZ
Derived: TCP_OPTIMIZE + DRE + LZ
Peer: TCP_OPTIMIZE + DRE + LZ
Negotiated: TCP_OPTIMIZE + DRE + LZ
Applied: TCP_OPTIMIZE + DRE + LZ
Accelerator Details: None
Original Optimized
-------------------- --------------------
Bytes Read: 958333 1431050
Bytes Written: 1137856 1198434
Total Reduction Ratio: 00.000%
This means that the SSL AO is not applied to this connection. Are you sure this server is configured for SSL acceleration? Can you please provide a copy of your configuration?
Thanks,
Zach
06-09-2010 07:12 AM
Zach,
I also have Accelerator Details: None
But in the CM I have "Full Optimization" under Connections Statistics
Jan
06-09-2010 07:13 AM
Can you please provide a copy of your configuration (WAAS devices on both sides of the link)?
Thanks,
Zach
06-09-2010 08:38 AM
I enable SSL in my LAB environment that's ok
and I can see SSL icon in device monitor connection statistics
but in user site, i cannot see the SSL icon
I think that's why Zach said no SSL policy apply to SSL connection
all device configuration are configure from AllDeviceGroup
my https web site ip address is 192.168.3.88:443
my configuration sequence is
1. open cms secure-store
2. create a cipher
3. create a SSL Accelerated service name "mega-www" and add my HTTPS web ip address 192.168.3.88 port 443, then import the web certificate and private key
4.my application is SSL and classifier is HTTPS, I add my web ip address 192.168.3.88 port 443 into HTTPS classifier
application is full optimization and position is first
but it is stange, cause in my lab environment, it's ok, but in user site, it's not work
an appendix file is my core-wae and branch-wae show run config
is this issue related with web CA ?
thanks
06-10-2010 12:40 AM
Do the Disk Encryption needs to be enable on all WAE to get the SSL to work?
If found this error.
WAAS03#show statistics accelerator ssl | inc Failed
Total Failed Handshakes: 39086
Total Failed Certificate Verifications: 0
Failed certificate verifications due to invalid certificates: 0
Failed Certificate Verifications based on OCSP Check: 0
Failed Certificate Verifications (non OCSP): 0
Total Failed Certificate Verifications due to Other Errors: 0
Total Failed OCSP Requests: 0
Total Failed OCSP Requests due to Other Errors: 0
Total Failed OCSP Requests due to Connection Errors: 0
Total Failed OCSP Requests due to Connection Timeouts: 0
Total Failed OCSP Requests due to Insufficient Resources: 0
Jan
06-10-2010 02:33 AM
it's needn't because my ssl opimization work fine in my lab environment without enable disk encryption
but why it is not work in user site
i'm waiting for Zach responce^^
06-16-2010 07:27 AM
Where are the client and server located relative to the configurations you provided?
Zach
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: