We have two CSS 11503's running version 8.10 which are load balancing ssl (no offload) accross multiple FARM's for various services. The current keepalive is ap-kal-ssl (default sending hello expecting hello).
This is no longer adequate as the application fails while the port is still active resulting in the keepalive marking the server as Alive and traffic being sent to a server that cannot provide service.
I would like have a script that can perform the same function as the existing ap-kal-ssl keepalive checking the ssl service as well as check the landing page of the site, for example, (no authentication required as it would be the login page).
Is this possible, and if so any assitance with the scripting would be greatly appreciated.
But, we are only load balancing the SSL traffic as per below config. Do I have to configure Back-End SSL Server service or a SSL Initiation service, ssl-proxy lists and so on?
In other words, do I have to be be terminating and/or initiating SSL or can I just do the: "keepalive http non-persistent encrypt" with my "keepalive method ?" and "keepalive uri ?" under my "service Webx"?
Any feedback or confirmation on my query regarding whether or not I have to be terminating and/or initiating SSL or can I just do the: "keepalive http non-persistent encrypt" with my "keepalive method ?" and "keepalive uri ?" under my "service Webx"?
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...