Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
806
Views
1
Helpful
4
Replies

SSL Module Session Timeout after 10 Minutes

metro.gmarsh
Level 1
Level 1

‎06-30-2005 08:45 AM

I have 4 6509s 2 are distribution and 2 are access…the 2 distro have a fwsm, ssl module, and a csm. The csm I have in bridge mode with default gateway as the fwsm, and almost all the services are an ssl offload. Now, Everything works great, but one piece, one of the programmers to one of the apps, has created the report that takes almost an hour to generate, and well the session times out after 10 minutes, thus causing the report to die. I have troubleshot the issue and isolated it down to the ssl module causing the 10 minute timeout. I ran the report straight to throught csm to the real server and it works, I created a plain text vserver for the report to the serverfarm and that works, now mind you I had to modify the timeouts on the firewall first, but it all works, now when I go to the VIP that has SSL offloading, it dies at exactly 10 minutes. I have tried creating SSL Policies and TCP policies and applying them to the SSL-Proxy service in use and that doesn’t seem to have an effect…I need some advice to get me down the right path, any help would be great!!!

Labels:
0 Helpful
4 Replies 4

mmellet
Level 3
Level 3

‎07-06-2005 11:08 AM

Try using the following command in the content rule. This should solve the problem.

"flow-timeout-multiplier x" where x is an integer. The css multiply x by 16 to have the timeout in seconds. so any value higher than 5 is good for you. For more information on this command have a look at the following URL.

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a00801577bd.html#wp1139589

Gilles Dufour
Cisco Employee
Cisco Employee
In response to mmellet

‎07-07-2005 06:49 AM

this is a CSM not a CSS :-(

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee

‎07-07-2005 06:54 AM

http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide_chapter09186a008018917a.html

ssl-proxy policy tcp

[no] timeout inactivity

Regards,

Gilles.

0 Helpful

metro.gmarsh
Level 1
Level 1
In response to Gilles Dufour

‎07-15-2005 06:46 AM

thanks...and to take it a step further I found that the tcp policy had to put on the virtual and the server side of the ssl-proxy service along with an ssl policy on the virtual...and thanks for your help...

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Top