We have the same issue here, but since our physical web servers run both a secure and unsecure site, we simply use ping for the secure service and an http get for the unsecure service. If we see the unsecure site go down, we know users won't be able to get to the secure site either. If it were possible we could get away with turning off keepalives on the secure site since it's kind of pointless.
I believe it's possible to setup scripted keepalives where the CSS actually logs into your secure site but that's way to much work. :-) John >>> "sam sneed" 2/26/02 9:58:54 AM >>> I was thinking the same thing but I did not try that. My problem with that is if the HTTP service fails and SSL down with it the ping will still show the server as availbale and forward requests to it. You think there is some way I could specify the keepalive with a port # instead of type http? ""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Could this have something to do with your keepalive setting? Have you > tried using a standard ping keepalive to see if that helps? I wasn't > aware that you could use the http keepalive on port 443 with this box. > > John > > >>> "sam sneed" 2/26/02 9:23:04 AM >>> > Hello group, > > I am trying to get a CS11152 (old arrowpoint) to load balance SSL > conections to 2 servers but it is not working. SSL works on the servers > and > if I change my DNS so traffic does not got to the CS11252 VIP address > but > simply routes through it to the servers the public can get an SSL > conncetion > to my server. (please note i am using public IP addresses for on the > servers > NIC and as a VIP.). Whe I do a show services summary it tell me the > service > is down: > > svc-w1.test-secure Down 0 1 255 0 > svc-w2.test-secure Down 0 1 255 0 > > Can anyone see what i'm dong wrong? > > Here is the services/content configs: > > service svc-w1.test-secure > ip address 10.10.10.41 > port 443 > keepalive type http > keepalive method get > keepalive uri "/http-ping.html" > active > > service svc-w2.test-secure > ip address 10.10.10.42 > port 443 > keepalive type http > keepalive method get > keepalive uri "/http-ping.html" > active > > content cnt-www.test-secure > protocol tcp > port 443 > balance aca > url "/*" > add service svc-w1.test-secure > add service svc-w2.test-secure > vip address 172.16.243.40 > active Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36514&t=36505 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
