Link to home
Create AccountLog in
Avatar of DShelton777
DShelton777

asked on

How do I setup sticky connections for Citrix Web Interface using CSS in a Secure Gateway environment?

What is the correct method to load balance Web Interface and Secure Gateway using Cisco CSS? Our Web Interface servers sit behind the Secure Gateway servers. The Secure Gateway servers have a Verisign SSL certificate and reverse proxy connection to the WI. We have the CSS setup correctly using the SSL load balance method and the SG servers work fine. The Web Interface servers that are using HTTP (80) do not. What is the correct setting(s) in CSS for this environment? Has anybody set this up? Thank you for your assistance.
SOLUTION
Avatar of koudry
koudry
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of DShelton777
DShelton777

ASKER

Thanks for the comments. Our SSL side via SG is functioning. In CSS this is fairly easy. The load balancing method is SSL. If it's not SSL you have a wide range of options.

Application Type is: HTTP
Advanced Balance Method: SSL, cookieURL, URL, cookies, sticky-srcip-dstport, sticky-srcip, arrowpoint cookie.

I've tried all of the those options to maintain a connection to the same server, but it appears to not function. The closest I've come is using the Advanced Balance Method "cookies" with a string operation of match-service-cookie. In addition I've assigned a string to each WI server service. This will function for awhile using the WI, but it will fail and send me to the logged off screen when I attempt to navigate within the WI if I wait for a 30 seconds or so. When it does send me to the logged out screen the address bar will read ..MessageKey=SessionExpired.. Then it will be broken until I delete my cookie that is provided from the WI. Do I need to change my keepalive type (default is icmp)? It almost seems like a time-out issue of some sort.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.