Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member


I have worked with cisco on this and so far nothing. I have a vip that i cannot communicate over port 80, all configs are good according to cisco. if i telnet to one of the 2 servers behind on port 80 they work fine, If i telnet to the vip on 80 it ages out, even the firewall logs verify this. If i do a show flow on the css nothing for the vip i am going to, cisco had me do the debuggin for the vip and didnt even see any syn, synack.

The only thing that shows up when i do a sh rule "owner" "content" all there are no connections, just the total rejects increments, what does the total rjects mean? I am trying to find out this as it may lead us to what is causing this.


Re: CSS Vip

HI Steve,

The total rejects field increments when all services for a content rule are unavailable.

A service is a destination location where a piece of content resides physically

(a local or remote server and port).

can you send me the output of the following:

show keepalive

show keepalive-summary

show service summary

You can also configure a sorry server just for testing purpose not mandatory.

The Cisco CSS 11xxx Series Content Services Switch directs content requests to the primary sorry server when all the other services are unavailable. You can configure this service to contain content or to provide a drop or redirect message. This service is not used in load balancing.

see the below url to configure sorry server:

Thanks and regards,

Sachin Garg

Senior Specialist Security

HCL Comnet Ltd.

A-10, Sector 3, Noida- 201301


Mob: +91-9911757733