11-21-2007 08:53 AM - edited 03-05-2019 07:33 PM
I need to be able to load balance SSH connections from a single external IP address of our ACE module to any number of servers. I can't modify the SSH servers to make their encryption keys match, but I need to get around the problem of the key for the ACE IP appearing to change from the client's perspective. I'd like to be able to proxy the connection like I do for SSL, but I haven't found a way to do that.
Any suggestions are much appreciated!
11-27-2007 12:57 PM
If you want to use SLB only, you must configure certain parameters and disable some of the ACE security features .
perform the following things
"Configuring a global permit-all ACL and applying it to all interfaces in a context to open all ports
"Disabling TCP/IP normalization
"Disabling ICMP security checks
"Configuring SLB
11-27-2007 02:00 PM
Maybe I'm missing something, but how does that get around the problem of the client receiving different SSH encryption keys from the different load balanced servers?
Thanks!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: