Re: CS11152 SSL Not working [7:36505]

Wed, 27 Feb 2002 14:23:31 -0800 

I came up with the follwoing solution in case anyone else runs into this
problem. Instead of icmp it does a connect to port 443 on webserver and
sends an RST after it verifies the socket is open. Not the perfect solution
but it can detect when the web service fails. Its been tested and works
well.

 service svc-w1.test-secure
  ip address 10.10.10.41
  port 443
  keepalive method get
  keepalive type tcp
  keepalive port 443
  active

service svc-w21.test-secure
  ip address 10.10.10.42
  port 443
  keepalive method get
  keepalive type tcp
  keepalive port 443
  active

 content cnt-www.cobrand-secure
    protocol tcp
    port 443
    balance aca
    url "/*"
    service svc-w1.test-secure
    service svc-w2.test-secure
     vip address 172.16.243.40
    application ssl
    active


""sam sneed""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello group,
>
> I am trying to get a CS11152 (old arrowpoint)  to load balance SSL
> conections to 2 servers but it is not working. SSL works on the servers
and
> if I change my DNS so traffic does not got to the CS11252 VIP address but
> simply routes through it to the servers the public can get an SSL
conncetion
> to my server. (please note i am using public IP addresses for on the
servers
> NIC and as a VIP.). Whe I do a show services summary it tell me the
service
> is down:
>
> svc-w1.test-secure           Down          0      1   255            0
> svc-w2.test-secure           Down          0      1   255            0
>
> Can anyone see what i'm dong wrong?
>
> Here is the services/content configs:
>
> service svc-w1.test-secure
>   ip address 10.10.10.41
>   port 443
>   keepalive type http
>   keepalive method get
>   keepalive uri "/http-ping.html"
>   active
>
> service svc-w2.test-secure
>   ip address 10.10.10.42
>   port 443
>   keepalive type http
>   keepalive method get
>   keepalive uri "/http-ping.html"
>   active
>
> content cnt-www.test-secure
>     protocol tcp
>     port 443
>     balance aca
>     url "/*"
>     add service svc-w1.test-secure
>     add service svc-w2.test-secure
>     vip address 172.16.243.40
>     active




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36720&t=36505
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to