04-20-2007 06:06 AM
Hey, got a question here about configuring load balancing to backend SSL servers. Basically there are two backend servers; if a user hits one, we want them to stick to that server for their session, but we want connections coming in to be load balanced between the two servers. HTTP traffic works fine: it balances between the servers, and if one server is down, the traffic goes to the other. With the SSL traffic, though, the traffic only goes to one server; if that server is down, it never goes to the other one. I pasted the config below; any help would be great.
I sort of got this handed to me last minute and have had zero experience with these switches until last Friday. We hired a consultant to program it but he had no idea what he was doing, so it got handed to me. Sorry if the config is a little confusing, I'm still learning. Thanks
!*****INTERFACE ***********
interface e8
bridge vlan 2
!******* CIRCUIT **********
circuit VLAN1
redundancy
ip address 172.16.1.4 255.255.255.0
circuit VLAN2
ip address 192.168.200.1 255.255.255.252
redundancy-protocol
!********* SSL PROXY LIST **********
ssl-proxy-list SSL-Proxy
ssl-server 20
ssl-server 20 rsakey myrsakey
ssl-server 20 rsacert verisigncert
ssl-server 20 urlrewrite 20 *
backend-server 1
backend-server 1 ip address 172.16.1.126
backend-server 1 server-ip 172.16.1.126
backend-server 1 port 8080
backend-server 1 cipher rsa-with-rc4-128-md5
backend-server 2
backend-server 2 ip address 172.16.1.127
backend-server 2 port 8080
backend-server 2 server-ip 172.16.1.127
backend-server 2 cipher rsa-with-rc4-128-md5
ssl-server 20 vip address 172.16.1.22
ssl-server 20 cipher rsa-with-rc4-128-md5 172.16.1.22 8080
active
!********** SERVICE ************
service SSL
type ssl-accel
slot 2
add ssl-proxy-list SSL-Proxy
keepalive type none
active
service SSL-Backend-SEAL1
type ssl-accel-backend
ip address 172.16.1.126
protocol tcp
keepalive port 443
add ssl-proxy-list SSL-Proxy
port 8080
active
service SSL-Backend-SEAL2
type ssl-accel-backend
ip address 172.16.1.127
protocol tcp
keepalive port 443
add ssl-proxy-list SSL-Proxy
port 8080
active
service webSEAL1
ip address 172.16.1.126
keepalive type tcp
keepalive port 80
active
service webSEAL1-https
keepalive type tcp
keepalive port 443
ip address 172.16.1.126
port 8080
active
service webSEAL2
keepalive port 80
ip address 172.16.1.127
keepalive type http
active
service webSEAL2-https
keepalive type tcp
keepalive port 443
ip address 172.16.1.127
port 8080
active
!*********** OWNER **********
owner SSL
content SSL-Backend
protocol tcp
port 8080
url "/*"
add service SSL-Backend-SEAL1
add service SSL-Backend-SEAL2
balance leastconn
sticky-inact-timeout 1
advanced-balance ssl
vip address 172.16.1.22
active
content WebSEAL
add service webSEAL1
add service webSEAL2
balance leastconn
url "/*"
protocol tcp
port 80
no persistent
advanced-balance arrowpoint-cookie
vip address 172.16.1.22
content WebSEAL-HTTPS
add service SSL
application ssl
protocol tcp
port 443
balance leastconn
sticky-inact-timeout 1
advanced-balance ssl
vip address 172.16.1.22
active
content http-90
protocol tcp
port 80
url "/*"
application ssl
balance leastconn
no persistent
add service webSEAL1
add service webSEAL2
vip address 172.16.1.22
active
!************ GROUP *************
group WebSEAL
add destination service webSEAL2
add destination service webSEAL1-https
add destination service webSEAL2-https
add destination service webSEAL1
vip address 172.16.1.22
add destination service SSL
add destination service SSL-Backend-SEAL1
add destination service SSL-Backend-SEAL2
active
CSS11501#
04-20-2007 10:04 AM
I think you should look at this:
content SSL-Backend
protocol tcp
port 8080
url "/*"
add service SSL-Backend-SEAL1
add service SSL-Backend-SEAL2
balance leastconn
sticky-inact-timeout 1
advanced-balance ssl
vip address 172.16.1.22
active
You are doing advanced-balance ssl, but there is no SSL anymore! Change it to something else, like advanced-balance arrowpoint-cookie.
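The reply's point as an added example (not part of the thread, and not Cisco tooling): a small Python lint that reads a CSS config in the flat form pasted above and reports content rules that set advanced-balance ssl while balancing to ssl-accel-backend services, where the rule sees traffic the SSL module has already decrypted. The SAMPLE text is a constructed excerpt trimmed from the posted config, and the function names are hypothetical.

```python
# Added example, not from the thread. SAMPLE is a constructed excerpt of the
# posted config, reduced to the lines this check needs.
SAMPLE = """\
service SSL
type ssl-accel
service SSL-Backend-SEAL1
type ssl-accel-backend
service SSL-Backend-SEAL2
type ssl-accel-backend
owner SSL
content SSL-Backend
port 8080
add service SSL-Backend-SEAL1
add service SSL-Backend-SEAL2
advanced-balance ssl
active
content WebSEAL-HTTPS
add service SSL
port 443
advanced-balance ssl
active
"""

def parse(config):
    """Collect 'service' and 'content' stanzas from a flat (unindented) config."""
    services, rules, current = {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or '!' comment
        if words[0] in ("service", "content") and len(words) == 2:
            table = services if words[0] == "service" else rules
            current = table.setdefault(words[1], {"services": []})
        elif words[0] in ("owner", "group", "circuit", "interface", "ssl-proxy-list"):
            current = None  # a stanza this check does not inspect
        elif current is not None:
            if words[:2] == ["add", "service"] and len(words) == 3:
                current["services"].append(words[2])
            elif words[0] in ("type", "advanced-balance") and len(words) == 2:
                current[words[0]] = words[1]
    return services, rules

def misplaced_ssl_sticky(config):
    """Content rules using SSL stickiness in front of ssl-accel-backend services."""
    services, rules = parse(config)
    return [(name, rule["services"]) for name, rule in rules.items()
            if rule.get("advanced-balance") == "ssl"
            and any(services.get(s, {}).get("type") == "ssl-accel-backend"
                    for s in rule["services"])]

print(misplaced_ssl_sticky(SAMPLE))
```

The port 443 rule WebSEAL-HTTPS is not reported, because its service is of type ssl-accel and the rule receives the client's encrypted connection.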