We help IT Professionals succeed at work.

How do I setup sticky connections for Citrix Web Interface using CSS in a Secure Gateway environment?

1,528 Views
Last Modified: 2008-08-12
What is the correct method to load balance Web Interface and Secure Gateway using Cisco CSS? Our Web Interface servers sit behind the Secure Gateway servers. The Secure Gateway servers have a Verisign SSL certificate and reverse proxy connection to the WI. We have the CSS setup correctly using the SSL load balance method and the SG servers work fine. The Web Interface servers that are using HTTP (80) do not. What is the correct setting(s) in CSS for this environment? Has anybody set this up? Thank you for your assistance.
Comment
Watch Question

Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for the comments. Our SSL side via SG is functioning. In CSS this is fairly easy. The load balancing method is SSL. If it's not SSL you have a wide range of options.

Application Type is: HTTP
Advanced Balance Method: SSL, cookieURL, URL, cookies, sticky-srcip-dstport, sticky-srcip, arrowpoint cookie.

I've tried all of the those options to maintain a connection to the same server, but it appears to not function. The closest I've come is using the Advanced Balance Method "cookies" with a string operation of match-service-cookie. In addition I've assigned a string to each WI server service. This will function for awhile using the WI, but it will fail and send me to the logged off screen when I attempt to navigate within the WI if I wait for a 30 seconds or so. When it does send me to the logged out screen the address bar will read ..MessageKey=SessionExpired.. Then it will be broken until I delete my cookie that is provided from the WI. Do I need to change my keepalive type (default is icmp)? It almost seems like a time-out issue of some sort.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.