I have a simple config to load balance two IIS web servers that run an application.
The ACE doesn't pass integrated auth. I also need to figure out a way to do probes, but right now I'm just using an icmp probe.
My pertinent config lines are as follows:
probe icmp ats_icmp_probe
passdetect interval 10
rserver host ats01
ip address 10.14.25.40
rserver host ats02
ip address 10.14.25.41
serverfarm host ats_http
rserver ats01 80
rserver ats02 80
sticky ip-netmask 255.255.255.255 address both sticky_ats_http
class-map match-all ats_vip_http
2 match virtual-address 10.14.1.42 tcp eq www
policy-map type loadbalance first-match ats_policy_http
policy-map multi-match ats_http_policy
loadbalance vip inservice
loadbalance policy ats_policy_http
loadbalance vip icmp-reply active
loadbalance vip advertise active
interface vlan 14
description CLIENT SIDE
ip address 10.14.1.10 255.255.255.0
service-policy input ats_http_policy
I dont see an ACL allowing traffic to Class-map.For traffic destined to a class map that is applied to a multi-match policy map, you must configure an ACL and apply it to an interface. Otherwise, the ACE denies all traffic on the interface.
If its not there then create an ACL and apply it to the vlan
access-list ALL line 10 extended permit ip any any
int vlan 14
access-group input ALL
Other than that Config looks OK.
If the ACL is already there:
With NTLM I have seen large HTTP headers.
Could you try applying a HTTP parameter map with "length continue", as this would change the default behaviour of dropping the request when the 2K limit is exceeded