Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

connection problem on CSS11506

one of my rule as below:

content ias-443

vip address 10.1.1.30

port 443

protocol tcp

add service ias-server1

add service ias-server2

sticky-inact-timeout 1

active

it was working before. And as server's admin said they have not changed anything. the only changes is some network switches (cat6500/cat3500 IOS upgraged).

now, it lose connection time by time, even you get connection, it is very slow.

Could anyone advice me? what possible problme can be? and how can I trouble shooting this.

I have traced the client and I can see the authetication working very quick.

I have traced the server, and I can see the traffic from the client.

on CSS I can see the traffic between client and css and the traffic between css and server. how can I see what is happend after authetication?

Any comment will be appreciated

Thanks in advance

4 REPLIES
New Member

Re: connection problem on CSS11506

forget one thing,

I have tried to remove one server, and there was no problem anymore. connection was ok.

So, the one server is working and two server is not working.

Does it mean there is not a connection problem? is there other issue include?

Please advice.

New Member

Re: connection problem on CSS11506

Hi,

i've never had such a problem you describing,

but i think the problem is the loadbalancing of the sessions to different servers.

Your Client will establish a SSL Session with one Server, and if you loadbalance this session to another server, the server will not know this Session because the client established this with the first one.

You've configured a sticky-timeout of 1 minute but no sticky method.

You must add a advanced-balance

then your client will be directed to the same server.

Sven

Cisco Employee

Re: connection problem on CSS11506

I'll say Sven is correct.

You have no sticky method configured, so with 2 servers your connections could flip-flop between the 2 servers and break.

One server would work fine since all traffic would always go to the same device.

Try configuring sticky-ssl or sticky-srcip.

Gilles.

New Member

Re: connection problem on CSS11506

Thanks for both replies:

not realy worked.

After configure the advanced-balance stricky-srcip, only my PC and the servers admin's machine is working, because we accessed before.

If I go to a new machine which never tried to connect before than it is stop again.

132
Views
0
Helpful
4
Replies