Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TCP Timeout on backend sessions

We are using the CSS5-SSL-C-K9 module.

We use front-end and back-end ssl sessions for our https app.

i.e. :

browser -- ssl traffic -- sslrule -- K9cardfrontserver -- contentrule -- K9cardbackendserver -- realbackendserver.

We specify flow-timeout-multiplier 400 to avoid timing out the flows for the content rules.

But we still see the backend tcp session being closed after about 4-5 mins of idle i.e. server sleeps before response.

We do not want this to time out.

Any ideas what could be missing ??

1 REPLY
Cisco Employee

Re: TCP Timeout on backend sessions

the flow timeout command is for the css not to delete the flow.

But the SSL module as also its own timeouts.

CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 tcp ?

...

inactivity-timeout Specify the server-side SSL TCP inactivity timeout

The default is 240 sec.

You can increase it to 3600 sec max.

The same command exist for the front-end connection.

Gilles.

136
Views
0
Helpful
1
Replies