Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
831
Views
0
Helpful
3
Replies

HTTPS connections and optimized traffic not in graphs

jkeeffe
Level 2
Level 2

‎08-25-2011 10:15 AM

Again running 4.4.1, I see HTTPS connections being optimized, both using the CLI and the CM 'Connection Statistics' page for a device.  But when viewing the 'Traffic Summary' or 'HTTPS Acceleration Report' no HTTPS statistics or HTTPS connections show up - the only thing that displays is 'All Traffic'.

CLI 'show statis conn' -

  8058   164.72.52.154:14025     69.164.85.151:443 00:21:5e:76:73:90 TSDL  83.4%

  8059   164.72.52.154:14494     69.164.85.151:443 00:21:5e:76:73:90 TSDL  69.8%

  8060   164.72.52.154:14495     69.164.85.151:443 00:21:5e:76:73:90 TSDL  77.0%

CM 'HTTPS Acceleration Report'

Preview file
122 KB
0 Helpful
3 Replies 3

Bhavin Yadav
Cisco Employee
Cisco Employee

‎08-25-2011 11:02 AM

Hi Jeff,

It turned out the secure store was not initialized on the CM. After that we need to import the certificate and key from the web server and continue the configuration.

Something that you may want to try:

1. Make sure the secure store is initialized on the CM.

2. After that import the certificate and key from the web server on CM and give it few minutes to show up the graphs.

Regards.

0 Helpful

jkeeffe
Level 2
Level 2
In response to Bhavin Yadav

‎08-26-2011 07:36 AM

Secure store is enabled on CM using auto-generated passphrase mode, and the two WAAS devices that are accelerating SSL have secure store initialized and open, but they don't show auto-generated passphrase mode:

WAAS-CMngr#sh cms secure-store

Secure store is in 'CM auto-generated passphrase' mode in 'Open' state.

IKA-7341-K9#sh cms secure-store

Secure-store is initialized and open.

ROC-WAE-7341-IKA#sh cms secure-store

Secure-store is initialized and open.

Should the two WAAS devices also show auto-generated mode?  If the CM is in auto-generated mode, should all other devices be in that mode?

Concerning your second point, I don't quite understand what you're saying. Which certificate do I import - the CM admin cert? - and to where? My browser, or to the two other WAAS devices? Where is the key?

The only cert on the CM is the admin one.

The certs on the other WAAS devices are:

         - Machine self-signed Cert

         - Management Service Cert

         - Managed Store: CA generated cert for SSL acceleration

         - Certificate Only Store: our Root.ca and Intermediate.ca for the cert chain

         -

0 Helpful

Bhavin Yadav
Cisco Employee
Cisco Employee
In response to jkeeffe

‎08-26-2011 01:25 PM

Hi Jeff,

It looks to me as there is a config issue with SSL AO. Can you please follow the steps and make sure all the steps are followed correctly?

Here are the steps:

http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v431/configuration/guide/policy.html#wp1096862

Regards.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card