cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
296
Views
0
Helpful
1
Replies

CSS11506 Reverse Proxy question

dclee
Level 1
Level 1

Currently using a CSS11506 in reverse proxy mode. Right now it is handling the front end SSL connection for approx 19 backend web server connections.

I am using 1 Public IP to mask all of these inbound connections via the group command. We are experiencing intermittent

drops client side. Is there a best practice of how many connections the CSS will handle via the NAT process. Is the 20 configured servers a bit to much to be masking via one public IP ?

Any help would be appreciated.

Cheers

Dave

1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

Dave,

I would suggest to do some troubleshooting before jumping to conclusion.

The number of servers does not matter.

What is important is the number of connections.

1 connection per server means 20 ports being used and you have 55k available.

So, in this example this is definitely not a problem.

Most of the times, client drops on a CSS are due to the aggressive idle timeout. 16 sec.

So, either you try to bump the timeout with the command 'flow-timeout-multiplier' or you capture sniffer traces showing the drops with couple of show tech and we try to confirm the cause of the problem.

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: