load balancing sftp servers on css11503

Jul 4th, 2008

I have an 11503 and I am trying to load balance sftp servers behind it. Not sure why it's not working.


Here is the content rule:


content test_sftp
  add service www1_sftp
  add service www2_sftp
  port 22
  protocol tcp
  balance aca
  advanced-balance sticky-srcip
  vip address 172.17.0.248
  active


Here are the service rules:


service www1_sftp
  ip address 172.17.0.27
  protocol tcp
  keepalive port 22
  keepalive type tcp
  active

service www2_sftp
  ip address 172.17.0.25
  protocol tcp
  keepalive port 22
  keepalive type tcp
  active



Couple of questions:


1) Do I need to set up a source group like I would have to for ftp? Does the return traffic from the servers need to be NAT'd back out as the VIP?


2) The content rule and service rules are all set for port 22 only... is that enough ports open for the control and data channels? I think sftp uses port 22 for both.



Any assistance would be greatly appreciated.


Thanks!


Sandeep


Gilles Dufour (Cisco Employee) Sun, 07/06/2008 - 01:17

You definitely need a group to nat the data-channel.

But I'm not even sure that will make it work.

You can give it a try so.


Gilles.
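
An added troubleshooting example, not part of the thread: the `keepalive type tcp` checks in the posted configuration only confirm that port 22 accepts a connection, so this script connects to the VIP and to each real server and verifies that an SSH identification string (RFC 4253, section 4.2) actually comes back. The addresses are the ones from the post; the function names and labels are illustrative.

```python
import socket

# Addresses from the configuration in the post; the labels are illustrative.
TARGETS = {
    "vip": "172.17.0.248",
    "www1_sftp": "172.17.0.27",
    "www2_sftp": "172.17.0.25",
}


def parse_ident(line: bytes):
    """Parse 'SSH-protoversion-softwareversion[ SP comments]' (RFC 4253, 4.2).

    Returns (protoversion, softwareversion), or None if the line is not valid.
    """
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    if not text.startswith("SSH-") or len(text) > 253:
        return None
    parts = text.split(" ", 1)[0].split("-", 2)
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    return parts[1], parts[2]


def ident_from_stream(reader, max_lines: int = 20):
    """Return the first identification string found on a binary stream."""
    # A server may send other lines before the identification string.
    for _ in range(max_lines):
        line = reader.readline(256)
        if not line:
            return None  # peer closed the connection without a banner
        if line.startswith(b"SSH-"):
            return parse_ident(line)
    return None


def read_ident(host: str, port: int = 22, timeout: float = 3.0):
    """Connect to host:port; return the parsed banner or None on any failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return ident_from_stream(sock.makefile("rb"))
    except OSError:  # refused, unreachable or timed out
        return None


if __name__ == "__main__":
    for name, ip in TARGETS.items():
        print(f"{name:10s} {ip:15s} {read_ident(ip) or 'NO SSH BANNER'}")
```

Run it from a client-side host: a banner from both real servers but none from the VIP points at the content rule or the return path rather than at the SSH daemons.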
