02-23-2006 10:22 AM
Hi, apologies but I can't seem to find a definite answer for this question. I have two css 11506's set up using vip/virtual interface redundancy (active/standby). Each css 11506 has a single ssl module.
Is this adequate for ssl redundancy? I've read in this forum that if an ssl module fails, the css will reboot causing failover to the standby css so ssl connections will simply reset and as long as I have ASR set up on the back end http content, users will not notice the failover.
Am I correct in this thinking or do you recommend using two ssl modules in each css? Thinking there is that if one ssl module fails, there will still be a 2nd module to handle ssl traffic and the css's will not failover.
Thanks
-Dan
02-23-2006 10:28 AM
there is no need for 2 modules.
You would use 2 modules if you need more power [handle more connections].
However, your assumption is incorrect.
Nowadays, there is no device in the worl [cisco and non-cisco] that can do SSL ststeful failover.
In other words, upon failure, all SSL users will have to restart their connection.
Gilles.
02-23-2006 02:15 PM
Thanks for confirmation.
-Dan
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: