Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
616
Views
0
Helpful
1
Replies

load balancing sftp servers on css11503

yycsandman007
Level 1
Level 1

‎07-04-2008 08:38 PM

I have an 11503 and I am trying to load balance sftp servers behind it. not sure why it's not working.

here is the content rule:

content test_sftp

add service www1_sftp

add service www2_sftp

port 22

protocol tcp

balance aca

advanced-balance sticky-srcip

vip address 172.17.0.248

active

here are the service rules:

service www1_sftp

ip address 172.17.0.27

protocol tcp

keepalive port 22

keepalive type tcp

active

service www2_sftp

ip address 172.17.0.25

protocol tcp

keepalive port 22

keepalive type tcp

active

couple of questions:

1) do I need to set up a source group like I would have to for ftp? Does the return traffic from the servers need to be NAT'd back out as the VIP?

2) the content rule and service rules are all set for port 22 only....is that enough ports open for the control and data channels? I think sftp uses port 22 for both.

Any assistance would be greatly appreciated.

Thanks!

Sandeep

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎07-06-2008 01:17 AM

You definitely need a group to nat the data-channel.

But I'm not even sure that will make it work.

You can give it a try so.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents