Environment:
Client type HTTPS -> Internet/FW -> CSS public VIP -> HTTPS Web servers
= SSL terminators
In ordinary situation, e.g. HTTP traffic to web server through CSS, CSS spoof
TCP session, establish what backend server is best, then make TCP session
w/ that server and forward first HTTP GET.
In case of Client -> CSS -> SCA (which can be considered as "server" because
terminate SSL), Cisco says CSS transparently forward first TCP SYN to
SCA="server". So, there is no session spoofing?
What is real behavior, when client makes HTTPS port 443 session to VIP?
thanx