05-26-2006 07:18 AM
Dear Netprof,
I'm having problems with maintaining sticky sessions on the ssl proxy feature of my 11501 content switch.
I seem to have managed to get the 11501 to stick to one web server whilst using ssl, but had to modify the content L3_Rule to balance on src address. And this seems to have slowed down all access, both http & https, through the 11501.
I also now seem to be sticky in both http & https. Can anyone help me here? What I want is just sticky in ssl (https) and load balance in http.
Thanks in advance, config below;
Regards, Adrian.
CSS11501# sh run
!Generated on 26/05/2006 16:05:40
!Active version: sg0810002
configure
!*************************** GLOBAL ***************************
date european-date
ssl associate rsakey TESTrsakey TESTrsakeyfile1
ssl associate cert TESTrsacert TESTSSLcertfile.pem
ftp-record ftpserv 192.168.68.189 anonymous des-password xx /outgoing
ip route 0.0.0.0 0.0.0.0 192.168.68.161 1
!************************** CIRCUIT **************************
circuit VLAN1
  ip address 192.168.68.171 255.255.255.240
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list ssl_list1
  ssl-server 20
  ssl-server 20 vip address 192.168.68.174
  ssl-server 20 rsakey TESTrsakey
  ssl-server 20 rsacert TESTrsacert
  ssl-server 20 cipher rsa-with-rc4-128-md5 192.168.68.174 8080 weight 5
  active
!************************** SERVICE **************************
service TEST-GR4-WEB01
  ip address 192.168.68.173
  active
service TEST-GR4-WEB02
  ip address 192.168.68.172
  active
service ssl_serv1
  type ssl-accel
  slot 2
  keepalive type none
  add ssl-proxy-list ssl_list1
  active
!*************************** OWNER ***************************
owner L5_Owner
  content L3_Rule
    add service TEST-GR4-WEB01
    add service TEST-GR4-WEB02
    vip address 192.168.68.174
    balance srcip
    active
  content L5_Rule
    add service TEST-GR4-WEB01
    add service TEST-GR4-WEB02
    vip address 192.168.68.174
    protocol tcp
    port 80
    url "/*"
    balance aca
    active
owner ssl_owner
  content ssl_rule1
    vip address 192.168.68.174
    protocol tcp
    port 443
    application ssl
    add service ssl_serv1
    active
CSS11501#
06-01-2006 08:14 AM
Try using the L3 content rule.