Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
445
Views
0
Helpful
4
Replies

connection problem on CSS11506

julxu
Level 1
Level 1

‎02-16-2006 07:46 PM

one of my rule as below:

content ias-443

vip address 10.1.1.30

port 443

protocol tcp

add service ias-server1

add service ias-server2

sticky-inact-timeout 1

active

it was working before. And as server's admin said they have not changed anything. the only changes is some network switches (cat6500/cat3500 IOS upgraged).

now, it lose connection time by time, even you get connection, it is very slow.

Could anyone advice me? what possible problme can be? and how can I trouble shooting this.

I have traced the client and I can see the authetication working very quick.

I have traced the server, and I can see the traffic from the client.

on CSS I can see the traffic between client and css and the traffic between css and server. how can I see what is happend after authetication?

Any comment will be appreciated

Thanks in advance

Labels:
0 Helpful
4 Replies 4

julxu
Level 1
Level 1

‎02-16-2006 07:50 PM

forget one thing,

I have tried to remove one server, and there was no problem anymore. connection was ok.

So, the one server is working and two server is not working.

Does it mean there is not a connection problem? is there other issue include?

Please advice.

0 Helpful

Sbutzek
Level 1
Level 1
In response to julxu

‎02-21-2006 11:53 AM

Hi,

i've never had such a problem you describing,

but i think the problem is the loadbalancing of the sessions to different servers.

Your Client will establish a SSL Session with one Server, and if you loadbalance this session to another server, the server will not know this Session because the client established this with the first one.

You've configured a sticky-timeout of 1 minute but no sticky method.

You must add a advanced-balance

then your client will be directed to the same server.

Sven

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to Sbutzek

‎02-21-2006 12:03 PM

I'll say Sven is correct.

You have no sticky method configured, so with 2 servers your connections could flip-flop between the 2 servers and break.

One server would work fine since all traffic would always go to the same device.

Try configuring sticky-ssl or sticky-srcip.

Gilles.

0 Helpful

julxu
Level 1
Level 1
In response to Gilles Dufour

‎02-22-2006 09:24 PM

Thanks for both replies:

not realy worked.

After configure the advanced-balance stricky-srcip, only my PC and the servers admin's machine is working, because we accessed before.

If I go to a new machine which never tried to connect before than it is stop again.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card