Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS with multiple SSL-Offload modules

I'm looking for some suggestions on using multiple SSL-Offload modules (CSS5-SSL-C-K9) for ssl-termination and compression.

We ran into some isolated application problems with compression when it was globally enabled on a single ssl-termination service. As a work-around, we're selectively enabling compression on the cleartext content rules for those sites that support compression, however that seems like it maybe inefficient because the data back to the client will hit the ssl-module twice, once for compression (on the cleartext rules) and then again for encryption (on the ssl rule.)

I'm thinking that using two SSL-offload modules is a better solution. Both modules will use the same ssl-proxy-list, but one module's service will have compression enabled and the other will not. The decision then to enable compression, will be based upon which ssl service is added to the ssl content rule. In that design, compression will happen along with encryption for the compression-enabled service, and seems to be more efficient.

Has anyone done a design like that?

If not, has anyone run into any scalability or performance issues with selectively enabling compression on the cleartext rules?



Re: CSS with multiple SSL-Offload modules

Selectively enabling compression on multiple SSL modules can cause some problems. You should enable compression for all data in a multi module steup. Following link may help you

New Member

Re: CSS with multiple SSL-Offload modules

-Sorry for the delay in getting back to you.

Thanks for the info. Please elaborate.

I'm testing this now with some success and I just want to be sure I don't run into any issues.



CreatePlease login to create content