
Does ACE replicate SSL sessions?

Cooky

Golden Member
We're implementing a redundant ACE module w/ a redundant 6500 chassis, and would like someone to confirm whether or not SSL stateful failover works between the two ACE modules.

If the primary active ACE or 6504 fails, do users need to re-establish all active SSL sessions, or are their sessions kept alive after failover occurs?

If Cisco's ACE doesn't do SSL stateful failover, whose product does it?
 
I couldn't believe SSL failover was not supported, so I opened a case w/ Cisco TAC.

Here's their response (trying my best to state it in correct words):
Even though SSL IDs are not replicated over (actually a security feature, so that the ID can't be hijacked), most browsers automatically re-negotiate SSL after it fails over to the secondary ACE, and thus it would be transparent to end users.

I guess one can argue SSL failover isn't supported, but from end users' point of view, it is.

=========
Side note:
Right after I opened the SR online (3 minutes or so), I called the 800 number and actually got to the assigned engineer right away, and didn't have to go through any dispatcher and explain any nonsense.

She was in Australia TAC, and pretty much answered all my questions & concerns within 10 minutes.

I generally find Australia TAC more reliable & quicker than the ones in the U.S....no offense in case anyone from SJ or RTP TAC is reading.
 
Cooky, I'll second your aside - the Australia TAC folks are way more helpful and are native English speakers. I've had extremely poor experiences with the SJ TAC. So for everyone with Cisco problems and a support contract that will allow it, call late night when the number gets routed to Australia.
 