https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151469#M1827 <HTML><HEAD></HEAD><BODY><P>Thanks, That is what I ended up doing. It would be nice to perform an actual GET of a page. Sometimes our applications will hang, but the tcp port will still be listening.</P></BODY></HTML> Wed, 11 Dec 2002 03:37:49 GMT clayton-price 2002-12-11T03:37:49Z https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151465#M1823 <P>I figure this would work, but am looking for some confirmation.</P><P></P><P>Thanks!</P><P></P><P>Clayton</P> Wed, 04 Dec 2002 18:45:57 GMT https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151465#M1823 clayton-price 2002-12-04T18:45:57Z https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151466#M1824 <HTML><HEAD></HEAD><BODY><P>This is from a Cisco documentation:</P><P></P><P>The Clients send encrypted traffic on port 443, the standard SSL port. The CSM listens on port 443 and load balances the encrypted traffic to an internal "server farm" of SSL modules. The selected SSL Service Module decrypts the traffic, stamps it with a SSL Session ID, opens a clear-text connection to a Versatile Interface Processor (VIP) on the CSM, and sends the traffic to a port that has been configured to receive "decrypted SSL traffic", for examples port 81.</P><P></P></BODY></HTML> Tue, 10 Dec 2002 20:14:26 GMT https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151466#M1824 r-simpson 2002-12-10T20:14:26Z https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151467#M1825 <HTML><HEAD></HEAD><BODY><P>Thanks, however in our case we are not using the SSL module.</P><P></P><P>I have since ruled out using ssl persistence due to Internet Explorer renegoting the SSL session ID every two minutes. This would break the persistence.</P><P></P><P>I do have a new question. I have not had any luck doing a keepalive check against an https port. I see that there is keepalive http, but no keepalive https. The standard http one fails against ssl enabled ports.</P><P></P><P></P></BODY></HTML> Tue, 10 Dec 2002 20:59:54 GMT https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151467#M1825 clayton-price 2002-12-10T20:59:54Z https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151468#M1826 <HTML><HEAD></HEAD><BODY><P>HI,</P><P></P><P>An option to do SSL keepalive may be to use a TCP based keepalive on port 443.</P><P></P><P>Regards</P></BODY></HTML> Wed, 11 Dec 2002 01:55:33 GMT https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151468#M1826 bhose 2002-12-11T01:55:33Z https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151469#M1827 <HTML><HEAD></HEAD><BODY><P>Thanks, That is what I ended up doing. It would be nice to perform an actual GET of a page. Sometimes our applications will hang, but the tcp port will still be listening.</P></BODY></HTML> Wed, 11 Dec 2002 03:37:49 GMT https://community.cisco.com/t5/application-networking/ssl-persistence-using-a-port-other-than-443/m-p/151469#M1827 clayton-price 2002-12-11T03:37:49Z