Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ACE session persitence "sticky" TCP port

Hey guys,

I trying to work up some configurations on the ACE for performing session persistence "sticky" on the ACE based on source TCP port.  All flows are SSL based therefor, I thought the only option was SSL-ID but I've been running into querky behavior due to clients using IE7.  Evidently there are several cases where IE7 causes the SSL-ID to be regenereated causing this weird behavior.

Anybody have example configs of the layer4-payload offset, length, etc. to perform sticky based on TCP source port?

Thanks in advance.

Paul

1 REPLY
Cisco Employee

Re: ACE session persitence "sticky" TCP port

Since source port is not part of the layer 4 payload you cannot  use it for sticky. IE changing ssl id is a known problem (does it every 2 minutes).

So you are left with:

terminating SSL on the ace and using cookie sticky (you can always re-encrypt on back end if security demands it)

or

source IP sticky (practical only if clients are not behind a proxy  device)

465
Views
0
Helpful
1
Replies
CreatePlease to create content