CSM-S https vserver configuration

sgeorgiev
Level 1

Hello,

I have a Cat6500 with a CSM-S module. I made a configuration for https connections in which the client sends encrypted traffic to the server (port 443). The CSM forwards the encrypted traffic to the SSL card, where it is decrypted and goes back to the CSM. The problem appears when all back-end servers go down but the front-end virtual server stays in operational status, because it does not know that (it is forwarding the traffic to the SSL module). How can this problem be resolved?

!
probe SSL-MOD tcp
 interval 2
 port 443
!
probe WEBCASH http
 header host apache
 request method get url /_httpd_server_up_.html
 port 7777
!
serverfarm SSL-WEB2
 nat server
 no nat client
 real 192.168.30.12 local
  inservice
 probe SSL-MOD
!
serverfarm WEBCASH
 nat server
 no nat client
 real name ORAWEB1-PR 7777
  inservice
 real name ORAWEB2PR 7777
  inservice
 probe WEBCASH
!
!
vserver HTTPS-WEB2
 virtual 85.118.192.64 tcp https
 serverfarm SSL-WEB2
 replicate csrp sticky
 replicate csrp connection
 persistent rebalance
 inservice
!
vserver HTTPS-DEC
 virtual 192.168.131.254 tcp www
 serverfarm WEBCASH
 replicate csrp sticky
 replicate csrp connection
 persistent rebalance
 inservice
!

----- SSL config -----

ssl-proxy service ssl-1
 virtual ipaddr 192.168.30.12 protocol tcp port 443 secondary
 server ipaddr 192.168.131.254 protocol tcp port 80
 certificate rsa general-purpose trustpoint myglobul
 policy url-rewrite ssl-1-rw
 policy http-header ssl
 inservice
!

2 Replies

bhedlund
Level 4

Hi,

You can solve this problem with the Virtual Server Dependency feature in CSM:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/mapolcy.html#wp1040592

In your case you would add 'status-tracking' to your front end Web VIP that watches to see if your back-end VIP goes down. If the back-end VIP goes down, so will the Web front-end VIP.

Hope this helps. Please rate.

-Brad
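
Applied to the configuration in the question, the virtual server dependency described in the answer above would look like the following. This is an added example, not part of the original thread: the argument form `status-tracking <vserver-name>` is assumed from the linked CSM 4.2 configuration guide, and `<slot>` is a placeholder for the CSM slot number.

```text
! Added example (not from the thread). <slot> is a placeholder.
module ContentSwitchingModule <slot>
 !
 ! Front-end VIP: hands encrypted traffic to the SSL module.
 ! Its only health check is probe SSL-MOD (TCP 443 on 192.168.30.12),
 ! so by itself it stays operational when WEBCASH has no healthy reals.
 vserver HTTPS-WEB2
  virtual 85.118.192.64 tcp https
  serverfarm SSL-WEB2
  ! Tie this VIP's state to the back-end (decrypted) VIP.
  ! Assumed argument form: status-tracking <vserver-name>
  status-tracking HTTPS-DEC
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
 !
 ! Back-end VIP: unchanged. Its state follows probe WEBCASH
 ! (HTTP GET on port 7777) against ORAWEB1-PR and ORAWEB2PR.
 vserver HTTPS-DEC
  virtual 192.168.131.254 tcp www
  serverfarm WEBCASH
  replicate csrp sticky
  replicate csrp connection
  persistent rebalance
  inservice
 !
```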

Hi Brad,

Thank you very much for the help! Now it is alright.