Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSS Load Balancing for MS Winsock Proxy Client

Has anyone load balanced Microsoft Winsock Proxy client? I am trying to load balance internal users using the Winsock client to two MS ISA Servers running Winsock proxy for application access to the internet.

Community Member

Re: CSS Load Balancing for MS Winsock Proxy Client

Last time I checked, the CSS was not able to load-balance the Winsock proxy client software for the use with Microsoft proxy servers because the Microsoft proxy servers need to talk/communicate directly to the client. Therefore, this application will fail because the client is expecting the VIP to respond and not the Microsoft proxy servers directly.

Community Member

Re: CSS Load Balancing for MS Winsock Proxy Client

Thanks for the post, I got this from Microsoft:

I wanted to update you on the information I investigated on the firewall client. I found the the actual port connection used to control the connection thru ISA is by default UDP. This UDP session is over 1745 to the ISA server. This intial connection then allows for a connection over an ephemeral port to the ISA server for the actual data transfer. The data transfer is done via a TCP connection. The connection control is UDP based by default. This can be changed in the Wspcfg.ini file. By adding the ControlChannel value to the WSP_client_app section of this file, you can use WSP.TCP to allow the connections to be based with TCP. In your situation, this may be the best scenario due to the connections being load balanced.

TCP is used by default when checking the Firewall configuration. This is why the traces showed the connection with TCP.

Information on this can be found in the ISA help files. In the search panel of the ISA help, type in "ControlChannel" without the quotes and it will show information on this feature.

I will re-test with TCP only setup, and see if this helps. I also have some sniffer traces I need to review to see if maybe NAT is killing me, not UDP traffic.

I'll post back my findings next week.

CreatePlease to create content