Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

CSS ASR question

Hi

Could anyone tell me if HTTPS sessions are syncronized to the redundant CSS, I couldn't find any definitive that helps

Cheers

6 REPLIES
Cisco Employee

Re: CSS ASR question

only the tcp part of the https connection is replicated to the standby unit.

So, if ssl is terminated on the server then the failover will be transparent.

If ssl is terminated on the CSS itself, then a failover will break the ssl connection.

Gilles.

New Member

Re: CSS ASR question

Hi,

Well about the ASR it will synch the active connections on normal HTTP, but when dealing with HTTPS the connection requires a secure handshake that involves certificates & keys, once this tunnel is open it cannot be replicated to the backup box (for secure reasons basically).

So when the ASR fails over, all the SSL/TLS active connections will have to renegotiate on the second box.

Thanks.

Josega.

New Member

Re: CSS ASR question

Hi

So all https sessions that terminate on a server wont be replicated to the standby box

Cheers

Stephen

New Member

Re: CSS ASR question

The HTTPS sessions terminated on the servers will be replicated on the standby box.

The HTTPS sessions terminated on the CSS will not be replicated to the standby box.

Thanks.

Josega

New Member

Re: CSS ASR question

I do't think so.

If your CSS is doing the termination SSL then all ssl connections will be lost, but if your server is terminating, and failure occur on the CSS, the flows are replicated to the backup CSS.

If the failure occur on one of the servers, the connection with that server will be lost.

David

New Member

Re: CSS ASR question

you're rigth josega

153
Views
5
Helpful
6
Replies
CreatePlease to create content