Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco ACE Loadbalancing and LDAPS

Could anyone put me in the direction of a configuration document or advice on configuring load balancing with LDAP secure port. Ive read various articles about LDAPS not being supported on the ACE, is this correct?

I have partially configured this but have nat issues at the moment as its in one arm mode and this VLAN does not have any NAT configured. I have no configuration for the SSL termination and not quite sure how that will work either.


Any advice would be appreciated.

Everyone's tags (3)
2 REPLIES
Cisco Employee

Cisco ACE Loadbalancing and LDAPS

Hi Cassandra,

LDAP is not supported in ACE as a L7 protocol, but that doesn't mean you cannot load-balance it, it's simply that you cannot apply any kind of L7 inspection and forget also about the SSL termination. If you configure it for pure L4 load-balancing, it should be just like any other protocol.

If you are using one armed, you must find a way to send the return traffic through the ACE. This is normally done with the use of NAT, but, you may also use other methods such as policy-based routing. Be aware that unless this return traffic goes through the ACE, connections will not work, so there is no point in testing the application until this is fixed.

I hope this helps

Daniel

New Member

you can L4 loadbalancing for

you can L4 loadbalancing for LDAP over SSL,

Something like:

 

ssl-proxy service sfLDAP_SSL-Proxy

key LDAP-KEY-1024.pem

cert LDAPS.FOO.COM.pem

 

serverfarm host LDAP-SF

predictor leastconns

rserver rs1 389

  inservice

rserver rs2 389

   inservice

 

class-map match-any LDAPS-VIP

2 match virtual-address 10.10.10.100  tcp eq 636

 

policy-map type loadbalance first-match LDAP-L4-Policy

class class-default

   serverfarm LDAP-SF

 

policy-map multi-match LDAP-MM

class LDAPS-VIP

   loadbalance vip inservice

   loadbalance policy LDAP-L4-POLICY

   ssl-proxy server LDAP-SSL-PROXY

1778
Views
0
Helpful
2
Replies
CreatePlease to create content