Sure, you can do this with the CSS, but as you nailed it, this has not worked for you due to the SSL connection. SSL means that all the traffic comes encrypted to the CSS, thus layer 5 information (headers, cookies, etc.) can't be read at all.
The only way you can get this done is if you have an SSL module installed on the CSS or any other device that can act as an SSL offloader before the traffic reaches the CSS. Once the traffic is decrypted and the L5 info is readable, you can configure stickiness based on cookie URL to maintain your clients stuck to one server until they finish the session.
Now that you have the SSL module you can configure SSL termination to decrypt the SSL traffic and then apply the sticky method you prefer. I've attached a config sample for SSL termination and cookie URL where the CSS should stick a client based on the cookie string that is embedded into the URL during the session.
In a nutshell:
- The client will come on https://mydomain2.com which resolves to 10.10.10.100 hitting the 443 content rule.
- The traffic will be sent to the SSL service which is attached to the SSL proxy list (Web); here the SSL module uses your private key to decrypt the traffic.
- Once decrypted, the traffic will be sent to the IP 10.10.10.100 but this time on port 80 to make a load balancing decision.
- The CSS looks for the configured string prefix, which is the cookie name. In this example, the string prefix in the content rule is cookieid=.
- If the CSS finds the prefix, then it looks for the value that matches one of the string values configured in one of the services. For example, the string value for service Apache-1 is server1. The CSS begins searching for the prefix and value at the beginning of the cookie field in the header and searches the entire field until the end of the field.
- If the CSS cannot find the string prefix or match the cookie value with one of the service string values, then the CSS load balances the request according to the configured balance method (roundrobin by default).
In this example I'm assuming that the SSL cert and key have already been uploaded and associated on the box. If you need any help with this, let me know.
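As an added illustration of the prefix and value lookup listed above (not part of the original post and not CSS code), here is a small Python model of the decision. The second service (Apache-2 / server2) and the characters that end a value are assumptions.

```python
import itertools
import re

PREFIX = "cookieid="            # string prefix from the content rule in the post
SERVICES = {                    # service name -> configured string value
    "Apache-1": "server1",      # from the post
    "Apache-2": "server2",      # hypothetical second service
}
_VALUE_END = re.compile(r"[&;\s]")   # assumed delimiters that end a value


class StickyBalancer:
    """Model of: find prefix, match value to a service, else round robin."""

    def __init__(self, services=SERVICES, prefix=PREFIX):
        self.prefix = prefix
        self.by_value = {value: name for name, value in services.items()}
        self._rr = itertools.cycle(list(services))

    def sticky_value(self, field):
        # Search the entire field; an unknown value after one occurrence of
        # the prefix does not stop the scan.
        start = 0
        while (idx := field.find(self.prefix, start)) != -1:
            tail = field[idx + len(self.prefix):]
            value = _VALUE_END.split(tail, 1)[0]
            if value in self.by_value:
                return value
            start = idx + len(self.prefix)
        return None

    def pick(self, field):
        value = self.sticky_value(field)
        if value is not None:
            return self.by_value[value], "sticky"
        # No prefix or no matching value: fall back to the balance method.
        return next(self._rr), "roundrobin"


if __name__ == "__main__":
    lb = StickyBalancer()
    for req in ["/cart?cookieid=server1&item=4", "/login", "/x?cookieid=bogus"]:
        print(req, "->", lb.pick(req))   # constructed sample requests
```

The sticky value is supplied by the client, so it only steers the load-balancing decision and says nothing about who the client is.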
Nope, the fact that you now have a CSS11506 with SSL modules doesn't change anything. Both HWs use the same CLI commands and work exactly the same way; I'm pretty sure the only difference is the number of transactions per second that each box can handle.
About that "Web" group: I put it in the config just in case you have a similar design. As you can see in my config, I'm just using a one-armed mode where the VIPs and the servers are sitting on the same VLAN (179). Commonly on this topology you face asymmetrical routing issues where the response from the servers bypasses the CSS, which breaks the connection. The group is used to NAT the incoming connection and force the backend servers to reply back to the CSS. If you have a routed mode where the clients and servers are on different VLANs, then you don't need to worry about this.
About the names... that was merely a coincidence or a lack of thinking for a better name, I'd say, lol. You can use whatever name you want under each portion of the configuration. =)
P.S. Checking the config, I made a typo under the SSL list: the "ssl-server 1 vip address 10.86.178.198" should've been "ssl-server 1 vip address 10.10.10.100". I was thinking of my own network when editing the configuration.
If something comes up with the testing, let me know.