HTTPS probe fails on ACE30; Conn reset by server; Handshake Fail

AronLilley
Level 1

Hello and thank you for reading. I have an ACE30 (A5(3.0)) with an HTTPS probe configured to check for a page redirect, and it was working great until the servers it was checking updated their certs. Since then, it has failed with a connection reset by server. I performed some packet captures, which revealed a Fatal Alert; Desc: Internal Error. The communication goes like this:

ACE -> Server: Client Hello
Server -> ACE: Server Hello, Certificate
Server -> ACE: Continuation data
ACE -> Server: Alert (level: Fatal. Description: Internal Error)

The log on the ACE only reflects the probe fail reason (conn reset by server). My guess is the handshake is failing for the probe to be successful. However, I'm not confident in what would need to be changed to make this work. We have never and are not doing any SSL initiation/termination on the ACE for regular traffic flow. Probe is configured as follows:

probe https HTTPS
  interval 5
  passdetect interval 5
  passdetect count 2
  ssl version all
  request method get url /Default.aspx
  expect status 302 302

If you have any suggestions on where to look next, please let me know. Again, thank you for reading.
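
An added example, not part of the original post and not Cisco tooling: a small Python walker over TLS record bytes that labels the messages in the exchange described above, including the fatal alert (level 2, description 80 = internal_error). The sample byte strings are constructed with dummy bodies, and the helper names (`walk_records`, `record`, `hs`) are hypothetical.

```python
import struct

HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 14: "server_hello_done"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
              42: "bad_certificate", 43: "unsupported_certificate",
              46: "certificate_unknown", 48: "unknown_ca",
              70: "protocol_version", 80: "internal_error"}

def walk_records(stream: bytes) -> list[str]:
    """Label each TLS record (and cleartext handshake message) in one direction's bytes."""
    out, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, pos)
        body = stream[pos + 5: pos + 5 + length]
        pos += 5 + length
        if len(body) < length:  # record continues in a later TCP segment
            out.append(f"truncated record type={ctype} ({len(body)}/{length} bytes)")
            break
        if ctype == 21 and length == 2:  # cleartext alert: level, description
            out.append(f"alert {ALERT_LEVEL.get(body[0], body[0])} "
                       f"{ALERT_DESC.get(body[1], body[1])}")
        elif ctype == 22:  # handshake; assumes messages do not span records
            off = 0
            while off + 4 <= len(body):
                mlen = int.from_bytes(body[off + 1: off + 4], "big")
                out.append(f"handshake {HANDSHAKE.get(body[off], body[off])}")
                off += 4 + mlen
        else:
            out.append(f"record type={ctype}")
    return out

def record(ctype: int, body: bytes, version=(3, 1)) -> bytes:
    return struct.pack("!BBBH", ctype, *version, len(body)) + body

def hs(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed sample bytes (dummy bodies), mirroring the sequence in the post.
ACE_CLIENT_HELLO = record(22, hs(1, b"\x00" * 40))
SERVER_FLIGHT = record(22, hs(2, b"\x00" * 38) + hs(11, b"\x00" * 900))
ACE_ALERT = record(21, bytes([2, 80]))

if __name__ == "__main__":
    for name, data in [("ACE", ACE_CLIENT_HELLO), ("Server", SERVER_FLIGHT), ("ACE", ACE_ALERT)]:
        print(name, walk_records(data))
```

Feeding it only the first part of the server's bytes reports a truncated record, which is what a large Certificate record looks like when it is split across TCP segments.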

1 Reply

Kanwaljeet Singh
Cisco Employee

Hi,

From your explanation it seems that ACE is not liking the server hello. Can you send us the pcap taken for review?

Regards,

Kanwal

Note: Please mark answers if they are helpful.