Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS11506 Reverse Proxy question

Currently using a CSS11506 in reverse proxy mode. Right now it is handling the front end SSL connection for approx 19 backend web server connections.

I am using 1 Public IP to mask all of these inbound connections via the group command. We are experiencing intermittent

drops client side. Is there a best practice of how many connections the CSS will handle via the NAT process. Is the 20 configured servers a bit to much to be masking via one public IP ?

Any help would be appreciated.

Cheers

Dave

1 REPLY
Cisco Employee

Re: CSS11506 Reverse Proxy question

Dave,

I would suggest to do some troubleshooting before jumping to conclusion.

The number of servers does not matter.

What is important is the number of connections.

1 connection per server means 20 ports being used and you have 55k available.

So, in this example this is definitely not a problem.

Most of the times, client drops on a CSS are due to the aggressive idle timeout. 16 sec.

So, either you try to bump the timeout with the command 'flow-timeout-multiplier' or you capture sniffer traces showing the drops with couple of show tech and we try to confirm the cause of the problem.

Gilles.

103
Views
0
Helpful
1
Replies