Cisco Support Community

New Member

urgent help on this issue.

This is a new setup for our internet banking project. We are using the CSS11501 for two functions. The first one is to offload the VeriSign SSL certificate off the web servers and the second is to load balance between two web servers. Currently, I am stopping the load balancing function, using only one ssl_proxy and 1 end server, because the second web server is not yet ready.

I have tested both functions thoroughly and they work fine. Both the SSL offloading and load balancing are working fine. Yesterday, it was the first time trying it on my machine!! And it was not working. This issue seems to be the same for all the Vista PCs. Whenever I try to https to the VIP (the Content Switch virtual IP), I get an 'Internet Explorer cannot display the webpage' error message. Simply, the certificate offload is not working with Vista.

I have tried this on different machines running XP and they can access the web site normally, and I also tried it on different Vista machines and they have all failed to display the web site. All clients are from the same source subnet (192.168.2.0) so no routing or firewall issue is possible. Moreover, I have tried different browsers on both Windows versions, XP and Vista, and they all work with XP but fail with Vista.

Windows Explorer: Cannot display the page

Firefox: Cannot securely to 10.0.7.19 because the site uses a security protocol which is not enabled

Safari: Cannot open the site 'url' because it could not establish a secure connection to the server 10.0.7.19

The VIP is 10.0.7.19 and the server real address is 10.0.8.100. From all machines, XP and Vista, we can ping the VIP and we can https to the real server IP address. It is only the VIP which gives the described problem, more specifically the SSL offload.

Thanks

swami

2 REPLIES
Cisco Employee

Re: urgent help on this issue.

Hi,

Well, this seems to be related to security on Vista. Did you try running IE with admin rights, for instance?

Did you verify that SSL 3.0 or TLS 1.0 is enabled in your IE and Firefox settings?

From this error:

"Firefox: Cannot securely to 10.0.7.19 because the site uses a security protocol which is not enabled"

It seems like SSL 3.0 or TLS 1.0 is not enabled.

Also check the cipher suites enabled on your browser and make sure they match the ones on the CSS.

Maybe a sniffer trace on the client can show us what the issue is.
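
The cipher suite and sniffer trace checks suggested in the reply above can be combined, as in this added example (not part of the original post and not Cisco code): it parses the ClientHello record taken from a client-side capture and lists the suites the client offers that the SSL proxy also accepts. `PROXY_SUITES` is a hypothetical proxy list and the sample record is constructed; substitute the bytes from your own trace and the suites configured on your device.

```python
import struct

# IANA names for a few suite IDs (subset chosen for this example)
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0"}
PROXY_SUITES = {0x0004, 0x0005}  # hypothetical proxy list, not from the thread

def parse_client_hello(record: bytes):
    """Return (client_version, [suite ids]) from one TLS ClientHello record."""
    try:
        ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rec_len]
        if ctype != 0x16 or len(body) != rec_len or body[0] != 0x01:
            raise ValueError("not a complete ClientHello record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        (version,) = struct.unpack("!H", hello[:2])
        pos = 2 + 32                    # skip client_version and random
        pos += 1 + hello[pos]           # skip session_id
        (n,) = struct.unpack("!H", hello[pos:pos + 2])
        raw = hello[pos + 2:pos + 2 + n]
        if len(raw) != n or n % 2:
            raise ValueError("truncated cipher suite list")
        return version, list(struct.unpack("!%dH" % (n // 2), raw))
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed ClientHello") from exc

def build_sample_hello(version, suites):
    """Constructed test input: minimal ClientHello without extensions."""
    ids = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(ids)) + ids + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs

def common_suites(record, proxy_suites=PROXY_SUITES):
    """Version offered by the client and suite names both sides share."""
    version, offered = parse_client_hello(record)
    shared = [SUITE_NAMES.get(s, hex(s)) for s in offered if s in proxy_suites]
    return VERSIONS.get(version, hex(version)), shared

if __name__ == "__main__":
    sample = build_sample_hello(0x0301, [0x002F, 0x0035, 0x0005, 0x000A])
    print(common_suites(sample))
```

An empty list means the client and proxy share no cipher suite, in which case the handshake cannot complete even when the protocol versions are enabled on both sides.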

New Member

Re: urgent help on this issue.

I am having the same problem with a brand new CSS11501. XP systems running IE7 can open https to the device, but Vista clients are unable to connect. SSL 3.0, TLS, etc. are enabled. This is the default IE7 install. I have also tried adding the CSS IP as a trusted site with no luck. Was looking here before I open a TAC case.
