Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

SorryServer with 443 - How to implement ?

Please clarify and correct my SorryServer with 443 scenario. normally, clients will be connected to S1 or S2 with the server's certification.

.

1. If S1 and S2 both down, clients will be redirecting to SorryServer and SorryServer will be issued the certification.

2. Client have a certification from server. S1 and S2 down in the middle of communication, what happen the client ? Is the client will get a certification request from SorryServer ? I'm not clear for the certification which already got from the server.

3. Last question. Is this right way to implement SorryServer with 443 ?

.

service S1

ip address 1.1.1.1

port 443

!

service S2

ip address 1.1.1.2

port 443

!

service SorryServer

ip address 1.1.2.1

port 443

!

content SecureServer

vip address 2.2.2.2

add service S1

add service S2

advanced-balance sticky-srcip

primarySorry SorryServer

port 443

.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: SorryServer with 443 - How to implement ?

Well,

Assuming you activate the services with the "active" command.. :)

If something goes wrong in the middle of a flow (or conneciton) then there is not much we will do. The sorry server does not have a socket for that specific connection. If we did send it there, we would only get a TCP RST response. The sorry service will get all NEW connections if all the other services go down.

Other than not having "active" services, and I am not sure on the content rule (It needs to be active also!) the way you have configured it is fine.

-Steve

1 REPLY
New Member

Re: SorryServer with 443 - How to implement ?

Well,

Assuming you activate the services with the "active" command.. :)

If something goes wrong in the middle of a flow (or conneciton) then there is not much we will do. The sorry server does not have a socket for that specific connection. If we did send it there, we would only get a TCP RST response. The sorry service will get all NEW connections if all the other services go down.

Other than not having "active" services, and I am not sure on the content rule (It needs to be active also!) the way you have configured it is fine.

-Steve

101
Views
0
Helpful
1
Replies
CreatePlease to create content