ACE: load balancing servers using DMZ ports on FWSM

cfajardo1_2 · ‎04-28-2008

devices; (2 core with the ff config)

6500

fwsm

idsm

msfc

SETUP;

Servers are connected to the dmzs on the core

REQUIREMENT;

to load balance the servers

QUESTION;

Using the ACE module, is it possibe to load balance the servers which are connected to the port which is configured as DMZ?

Thanks

cfajardo1_2 · ‎04-29-2008

note that the 2 fwsm are on active/standby mode.

thanks

cfajardo1_2 · ‎04-29-2008

on cisco doc OL-9375-01 chapter 16, it discussess about firewall load balancing but never has been a server farm conneted on a firwall port (dmz on this case)

Gilles Dufour · ‎04-29-2008

does not matter where the servers are connected.

However, be aware that the flows from client to server needs to go through the loadbalancer BUT also the flows server to client.

So, you should be careful where you attach the ACE module.

The easier would be to attach to the DMZ as well between the FW and the servers.

Gilles.

cfajardo1_2 · ‎04-29-2008

Hello Giles,

"The easier would be to attach to the DMZ as well between the FW and the servers".

The above statement is not clear to me. Please elaborate.

thanks.

Gilles Dufour · ‎04-29-2008

--outside_vlan -- FW -- DMZ_vlan -- ACE --- Servers

G.

cfajardo1_2 · ‎05-10-2008

Hi Giles,

- so the ACE will be in between the DMZ and the servers?

- does your outside vlan mean users vlan?

Thanks