11-21-2007 08:53 AM - edited 03-05-2019 07:33 PM
I need to be able to load balance SSH connections from a single external IP address of our ACE module to any number of servers. I can't modify the SSH servers to make their encryption keys match, but I need to get around the problem of the key for the ACE IP appearing to change from the client's perspective. I'd like to be able to proxy the connection like I do for SSL, but I haven't found a way to do that.
Any suggestions are much appreciated!
11-27-2007 12:57 PM
If you want to use SLB only, you must configure certain parameters and disable some of the ACE security features .
perform the following things
"Configuring a global permit-all ACL and applying it to all interfaces in a context to open all ports
"Disabling TCP/IP normalization
"Disabling ICMP security checks
"Configuring SLB
11-27-2007 02:00 PM
Maybe I'm missing something, but how does that get around the problem of the client receiving different SSH encryption keys from the different load balanced servers?
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide