Using ACE to Load Balance PPTP flows

Unanswered Question

hello,


I'm working on getting my ACE modules to load balance PPTP traffic between two servers.

In the initial setup I want all traffic to go to one server. Below is my initial configuration but it

just is not working. Does anyone have any ideas on what is wrong with my configuration.


switch-mode
access-list any line 8 extended permit ip any any




rserver host server1
  ip address 10.x.x.x
  inservice
rserver host ushq-dev-vpn2
  ip address 10.x.x.x
  inservice


serverfarm host GRE
  rserver server11 47
    backup-rserver ushq-dev-vpn2 47
    inservice
  rserver server2 47
    inservice standby
serverfarm host PPTP
  rserver server1 1723
    backup-rserver ushq-dev-vpn2 1723
    inservice
  rserver server2 1723
    inservice standby


class-map match-all GRE
  2 match virtual-address 10.x.x.x tcp eq 47


class-map match-all PPTP
  2 match virtual-address 10.x.x.x tcp eq 1723


class-map type management match-any REMOTE_ACCESS
  2 match protocol telnet any
  3 match protocol icmp any
  4 match protocol snmp any


policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit


policy-map type loadbalance first-match GRE-Policy
  class class-default
    serverfarm GRE
policy-map type loadbalance first-match PPTP-Policy
  class class-default
    serverfarm PPTP


policy-map multi-match VIPs
  class PPTP
    loadbalance vip inservice
    loadbalance policy PPTP-Policy
    loadbalance vip icmp-reply
  class GRE
    loadbalance vip inservice
    loadbalance policy GRE-Policy
    loadbalance vip icmp-reply
  class class-default


interface vlan 501
  access-group input any
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input VIPs
  no shutdown
interface vlan 525
  no normalization
  no icmp-guard
  no shutdown


ip route 0.0.0.0 0.0.0.0 10.x.x.1

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
litrenta Tue, 08/03/2010 - 13:02
User Badges:
  • Cisco Employee,

since the tunnel is

neither tcp or udp ace cannot loadbalnce pptp. Ace can only load balance tcp or

udp flows.  You can LB the control channel but without any application

inspection support ther is no fixup for the gre tunnel.

Actions

This Discussion