New Member

CSS backend SSL - Arrowpoint cookies


I have configured a pair of CSSs for backend SSL. The setup includes self-signed certificates. The server farm is two VMs with IIS6. HTTPS requests work like a charm. I am trying to get L5 stickiness with Arrowpoint cookies and I have a problem when the client is IE6 and IE7. The cookie is not shown in the Temporary Internet Files of IE, thus stickiness won't work. I have tried Mozilla and it works beautifully - the cookie is inserted and it shows the backend server IP. Note that cookies from Internet sites work OK, so it should not be any IE security issue. I have searched Bug Toolkit for a related bug but no luck. Attached is my config.

P.S. Tried it also with no SSL but same problem


Cisco Employee

Re: CSS backend SSL - Arrowpoint cookies

If it works with other browsers, I don't think this is a bug on the CSS.

I would suggest trying to remove the following command line: "arrowpoint-cookie browser-expire", to see if it makes any difference.

Finally, take a sniffer trace on the client and, with Wireshark and the CSS private key, decode the trace and see if the CSS sent the cookie and what it looks like.

If the CSS sent the cookie, this is a browser issue.


New Member

Re: CSS backend SSL - Arrowpoint cookies

Hi Gilles,

Thanks for your response. From the capture it is clear that the CSS is sending the cookie. I found out that the cookie had an expiration date of year 1970!!! In the meantime I also used Opera and it worked. I fixed the expiration timer to some period and voilà... the cookie appeared in the IE temporary folder. The strange thing is that when I checked the cookie (in all browsers) it showed an expiration year of 2008! The CSS clock is correctly set to the current date and time. Also tried NTP but same issue. Am I the only one having this issue? Also, is it possible to have a sorry server with the backend solution? Would that sorry server have to be HTTPS like the backend, or can I use just an HTTP server with a notification that the real servers are under maintenance, for example?

P.S: The final implementation will include 2 AVSs that will be used as backend SSL servers and then proxy the request to the backend SSL application servers so as to implement a full SSL solution with cookie stickiness all the way.

Your help will be very much appreciated since the documentation is poor for this kind of setup.
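
A check for the condition found in the capture above, as an added example that is not part of the original thread: it reads a decoded response header block and flags any Set-Cookie whose Expires is not later than the response Date. The header block, cookie names and values are constructed for illustration, and only the Expires attribute is examined.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers (not taken from the poster's capture).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 15 Jan 2008 10:00:00 GMT\r\n"
    "Set-Cookie: sticky=S10.0.0.11; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT\r\n"
    "Set-Cookie: session=abc123; path=/\r\n"
    "Set-Cookie: pref=1; expires=Wed, 16-Jan-2008 10:00:00 GMT\r\n"
    "\r\n"
)

def _parse(value):
    """Parse an HTTP date (RFC 1123 or dashed cookie style); None if invalid."""
    try:
        dt = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    # Treat a date without a zone as UTC so comparisons never mix naive/aware.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_set_cookies(raw_headers):
    """Return [(cookie_name, verdict)] for each Set-Cookie in a header block."""
    date, cookies = None, []
    for line in raw_headers.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "date":
            date = _parse(value)
        elif name == "set-cookie":
            cookies.append(value)
    reference = date or datetime.now(timezone.utc)  # fall back to local clock
    results = []
    for cookie in cookies:
        parts = [p.strip() for p in cookie.split(";")]
        attrs = {k.strip().lower(): v.strip()
                 for k, _, v in (p.partition("=") for p in parts[1:])}
        if "expires" not in attrs:
            verdict = "session"                     # lives until browser closes
        else:
            exp = _parse(attrs["expires"])
            verdict = ("unparseable" if exp is None else
                       "already-expired" if exp <= reference else "persistent")
        results.append((parts[0].partition("=")[0], verdict))
    return results
```
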