Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS cookie with SSL

Connectivity hang when inserting an arrowpoint cookie in the decrypted traffic flow (using SCA). We use one arm architecture with CSS 11150. From the trace it looks like the CSS cannot insert the cookie and reset the connection after a while.

7 REPLIES
Cisco Employee

Re: CSS cookie with SSL

we will need css config and sniffer traces to understand the problem.

You can attach them here or send them to gdufour@cisco.com

New Member

Re: CSS cookie with SSL

Here are the config

Cisco Employee

Re: CSS cookie with SSL

your SCA config does not match the CSS.

The CSS forwards the secure traffic to ip:port = 141.122.131.9:444.

Your SCA listens on port 446 [not 444] and it is supposed to forward the decrypted traffic to 141.122.180.254:90 which is not a CSS vip.

Gilles.

New Member

Re: CSS cookie with SSL

Sorry, I mix environment

Cisco Employee

Re: CSS cookie with SSL

configs look good.

what about the trace ?

Did capture it between CSS and SCA ?

When do you see the reset ? Immediately ? After always the same amount of time ? Randomly ?

do you see the cookie inserted by the CSS in the server response ?

Thanks,

Gilles.

New Member

Re: CSS cookie with SSL

The capture is between the CSS and the SCA.

The CSS send multiple time the first Get and send the RST when it give up. We never go further than that. The server response is not sent by the CSS

New Member

Re: CSS cookie with SSL

Find out the issue. As the destination server are not on directely attached interface the packets went out by a different interface than the return traffic. Seems that a flow include physical interface.

204
Views
0
Helpful
7
Replies
CreatePlease login to create content