CSS 11503 with 7.3 code SSL issue

unitus
Level 1

We have redundant Cisco 11503 content switches. Recently we attempted an upgrade from 7.3 code to 7.5 code. After doing so, none of the SSL streams would work (we terminate SSL for several servers on the SSL module). The only way to establish the SSL streams again and pass that traffic was to go back to the 7.3 code. Can anyone assist? Also, does anyone know if the new code allows you to add SSL certs and make them active without taking down the SSL mod?

Thanks!

4 Replies

Gilles Dufour
Cisco Employee

For the SSL issue, you will need to do some more troubleshooting.

- Was the traffic making it to the CSS?

- 'sho summary' and 'sho serv summary'.

- Was the CSS decrypting the traffic?

- Do you see any hit on the decrypted rule?

- Sniffer trace?

- 'sho ssl statistics' before and after tests?

For the new features of 7.50, have a look at

http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_release_note09186a00804174d1.html#wp171185

"SSL proxy list modification without suspending a service"

Gilles.

unitus
Level 1

Hi Gilles,

I don't have much more information, as this was done on production gear and we had to restore service ASAP. I can tell you that the code change was the only change made. The SSL requests were hitting the CSS SSL module, but the module was not opening flows and processing the streams. The servers (services) behind the CSS were alive at the time. As soon as code was brought back to the 7.3 level, SSL streams flowed like normal. I will try to get some more information from one of the other guys on my team that did the upgrade.

Frank

Frank,

A lot of things changed regarding the SSL module.

Did you load the very latest 7.50 version?

We are doing many tests internally to validate the software; this is why I'm surprised nothing worked and also why I would like to get as much info as possible on what you saw.

Gilles.

Hi Gilles,

Everything worked after the upgrade EXCEPT the SSL flows. I don't have the exact error (I'm trying to locate the capture) but the CSS processed all traffic correctly except for SSL flows. It would not process SSL streams after the upgrade of code. As soon as 7.3 code was put back on, everything worked fine. We are looking at another maintenance window in the next 45-60 days and want to ensure a successful upgrade. We will plan on the latest rev of 7.5x but are just not sure why the previous upgrade failed with regard to SSL.
