Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
676
Views
0
Helpful
5
Replies

Urgent Please.... Help on https issue

hassan_oudeh
Level 1
Level 1

‎01-31-2008 12:23 AM

Hi,

I have CSS11501, i have problem during accessing the server with the VIP only when using https, ssl certificates has been installed in CSS. That is i tried with http only and it worked fine. but when use https im getting a session expired all the time

i checked also with IE and Mozilla and found out both are the same message always "Session Expired" but noticed with Mozilla always the behavoiur is much much better !!

there is no no load-balancing, and i was checking with bot set of servers PUSH/PULL and GOTBOFE (as attached file shows) and on both im getting the same problem !!

Please Can you advice !!!

Regards,

Hasan

Labels:
Preview file
7 KB
0 Helpful
5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

‎01-31-2008 01:07 AM

Hasan,

what do you mean by session expired ?

Are you able to see the page, but after a while, when you click on a link you get a session expired ?

There is 4 minutes idle timeout on the ssl-module.

Virtual TCP Inactivity TO: 240 Server TCP Inactivity TO: 240

After that, the connection is removed.

Not sure if that is the problem.

Maybe get us a sniffer trace showing the problem and explain what you see and do before getting the error.

Gilles.

0 Helpful

hassan_oudeh
Level 1
Level 1
In response to Gilles Dufour

‎02-01-2008 09:53 AM

Gilles..

thanks for your response...

i found where the problem ...

there was some packests being sent from thr CSS to the server which exceed the m aximum segment size. and the firwall was blocking these traffice :) from the loggin message from the ASA firewall i was seing exceed-mss

after 3 days of troublshooting finally we got it :)

anyways thanks

0 Helpful

Oscar Cardiel
Level 1
Level 1
In response to hassan_oudeh

‎11-25-2009 12:29 AM

Hi Hassan,

I have just the same issue. How do you solved it?, did you change the MSS size in the ASA straightly or in CSS with he commands “flow tcp-mss ..” and “tcp-ip fragment enable”.

Thanks you,

Oscar

0 Helpful

hassan_oudeh
Level 1
Level 1
In response to Oscar Cardiel

‎11-25-2009 12:34 AM

Hi

Actually that was very long time.

I really forgot the commands and I don't have access to the device.

But try enable the logging on the ASA and see what is happining exaclty in your case.

Regards,

0 Helpful

Oscar Cardiel
Level 1
Level 1
In response to hassan_oudeh

‎11-25-2009 01:01 AM

yep, that's a pity!, I will keep working with in it. Thanks a million!

Cheers,

Oscar

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card