10-18-2010 06:01 AM
A customer just bought 2 new CAG's and is trying to use them thru a CSS. The CAG VPN and website is very flaky, the VPN connects then disconnects etc. The web site running on them displays the "under construction" page, but when you go to it directly it works, it goes to a log on page. I am not sure what to look for here, the flows on the CSS look correct. The traffic from the internet to the CAG's get a PAT address of 172.27.106.x, the CSS, CAG VIP and real addresses are all on the same internal subnet as the PAT. So in bound traffic gets a PAT of 172.27.106.x --> Vip Address 172.27.106.x --> CAG server real address --> 172.27.106.x, the CAG responds back to the 172.27.106.x address which proceeds back out the firewall. I wondered if the CAG's have an issue with the source traffic being Pat'd. Anyone have any experience with these CAG devices?
10-18-2010 06:26 AM
Hi Robert,
I don't have experience with the CAG servers you mentioned, but, on the CSS, most of the connection instability issues are related to a flow timeout. The CSS will time out connections after 16 seconds of inactivity, and after a session has been timed out, it can be closed any time.
One quick thing you could try would be configuring a bigger timeout for the affected content rules with the "flow-timeout-multiplier
10-18-2010 06:30 AM
Daniel,
Thanks for the reply. That maybe the reason for the instability for the VPN connection but I don't know if it applies to the web site issue, but I will add that multiplier and have them test it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide