I see what your saying but we have a couple dedicated servers for secure transcations.theres gotta be an easier way to do this without writitng the scripts. I'm gonna stay on it till I find and I'll post the config once i get working, hopefully by the end of the day. Thanks for the input.
""John Neiberger"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > We have the same issue here, but since our physical web servers run both > a secure and unsecure site, we simply use ping for the secure service > and an http get for the unsecure service. If we see the unsecure site > go down, we know users won't be able to get to the secure site either. > If it were possible we could get away with turning off keepalives on the > secure site since it's kind of pointless. > > I believe it's possible to setup scripted keepalives where the CSS > actually logs into your secure site but that's way to much work. :-) > > John > > >>> "sam sneed" 2/26/02 9:58:54 AM >>> > I was thinking the same thing but I did not try that. My problem with > that > is if the HTTP service fails and SSL down with it the ping will still > show > the server as availbale and forward requests to it. You think there is > some > way I could specify the keepalive with a port # instead of type http? > > ""John Neiberger"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Could this have something to do with your keepalive setting? Have > you > > tried using a standard ping keepalive to see if that helps? I > wasn't > > aware that you could use the http keepalive on port 443 with this > box. > > > > John > > > > >>> "sam sneed" 2/26/02 9:23:04 AM >>> > > Hello group, > > > > I am trying to get a CS11152 (old arrowpoint) to load balance SSL > > conections to 2 servers but it is not working. SSL works on the > servers > > and > > if I change my DNS so traffic does not got to the CS11252 VIP > address > > but > > simply routes through it to the servers the public can get an SSL > > conncetion > > to my server. (please note i am using public IP addresses for on the > > servers > > NIC and as a VIP.). Whe I do a show services summary it tell me the > > service > > is down: > > > > svc-w1.test-secure Down 0 1 255 > 0 > > svc-w2.test-secure Down 0 1 255 > 0 > > > > Can anyone see what i'm dong wrong? > > > > Here is the services/content configs: > > > > service svc-w1.test-secure > > ip address 10.10.10.41 > > port 443 > > keepalive type http > > keepalive method get > > keepalive uri "/http-ping.html" > > active > > > > service svc-w2.test-secure > > ip address 10.10.10.42 > > port 443 > > keepalive type http > > keepalive method get > > keepalive uri "/http-ping.html" > > active > > > > content cnt-www.test-secure > > protocol tcp > > port 443 > > balance aca > > url "/*" > > add service svc-w1.test-secure > > add service svc-w2.test-secure > > vip address 172.16.243.40 > > active Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36519&t=36505 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]