Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

connection problem on CSS11506

one of my rule as below:

content ias-443

vip address

port 443

protocol tcp

add service ias-server1

add service ias-server2

sticky-inact-timeout 1


it was working before. And as server's admin said they have not changed anything. the only changes is some network switches (cat6500/cat3500 IOS upgraged).

now, it lose connection time by time, even you get connection, it is very slow.

Could anyone advice me? what possible problme can be? and how can I trouble shooting this.

I have traced the client and I can see the authetication working very quick.

I have traced the server, and I can see the traffic from the client.

on CSS I can see the traffic between client and css and the traffic between css and server. how can I see what is happend after authetication?

Any comment will be appreciated

Thanks in advance

New Member

Re: connection problem on CSS11506

forget one thing,

I have tried to remove one server, and there was no problem anymore. connection was ok.

So, the one server is working and two server is not working.

Does it mean there is not a connection problem? is there other issue include?

Please advice.

New Member

Re: connection problem on CSS11506


i've never had such a problem you describing,

but i think the problem is the loadbalancing of the sessions to different servers.

Your Client will establish a SSL Session with one Server, and if you loadbalance this session to another server, the server will not know this Session because the client established this with the first one.

You've configured a sticky-timeout of 1 minute but no sticky method.

You must add a advanced-balance

then your client will be directed to the same server.


Cisco Employee

Re: connection problem on CSS11506

I'll say Sven is correct.

You have no sticky method configured, so with 2 servers your connections could flip-flop between the 2 servers and break.

One server would work fine since all traffic would always go to the same device.

Try configuring sticky-ssl or sticky-srcip.


New Member

Re: connection problem on CSS11506

Thanks for both replies:

not realy worked.

After configure the advanced-balance stricky-srcip, only my PC and the servers admin's machine is working, because we accessed before.

If I go to a new machine which never tried to connect before than it is stop again.