Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1965
Views
0
Helpful
4
Replies

FTPS with ACE 4710

Rajiv Dasmohapatra
Level 2
Level 2

‎07-10-2009 08:35 AM

Hi,

I need to configure ACE for load-balancing FTPS. And simply deploying L4 policies are not helping either. Configured the FTPS servers and both of them are working fine when accessed via physical IP, but do not work when accessed via the VIP.

if it is possible, a reference URL would really be a great help.

Labels:
0 Helpful
4 Replies 4

sachinga.hcl
Level 4
Level 4

‎07-13-2009 03:13 AM

Hi Rajiv,

Do you want to loadbalance SFTP ?

Or just have it pass through ??

Loadbalancing SFTP is difficult because it starts as regular FTP and switches over to SSL which ACE can't do and fails to understand.

you don't need anything to have it passthrough.

As long as you don't ask ACE to inspect the traffic, and assuming this traffic is permitted in your access-group, then there is nothing to do to have it go through.

I think your goal is to distribute inbound file deposits evenly across SFTP servers.

High-level Overview

Clients -> Internet -> Tier-1 Firewall -> ACE Load-balancer -> SFTP Servers

I would like to tell you that SFTP is nothing but SSH. It uses a single connection. There are no issues loadbalancing it using traditional Layer 4 load balancing.

So you are good.

On the other hand FTP over SSL (FTPS) can neither offloaded nor loadbalanced using ACE.

FTPS uses multiple channels and Since the control channel is encrypted, ACe is not able to get the port numbers for the data connections.

Kindly find these examples for FTP load balance method in cisco ACE:

1. FTP serverfarm on Cisco ACE

http://snippets101.blogspot.com/2007/06/ftp-serverfarm-on-cisco-ace.html

2. FTP Load Balancing on ACE in Routed Mode Configuration Example

http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_Routed_Mode_Configuration_Example

3. FTP Load Balancing on ACE in One-Arm Mode Configuration Example

http://docwiki.cisco.com/wiki/FTP_Load_Balancing_on_ACE_in_One-Arm_Mode_Configuration_Example

Kindly refer the folowing URL for Layer4 policies:

http://cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c3048.shtml

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/classlb.html

http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_(ACE)_Module_Troubleshooting_Guide,_Release_A2(x)_--_Troubleshooting_Layer_4_Load_Balancing

http://snippets101.blogspot.com/2008/08/cisco-ace-and-private-vlans-in-switch.html

http://snippets101.blogspot.com/2008/08/asymmetric-server-normalization-on.html

http://docwiki.cisco.com/wiki/Cisco_ACE_4700_Series_Appliance_Quick_Start_Guide,_Release_A3(1.0)_--_Configuring_Server_Load_Balancing

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/security/guide/tcpipnrm.html#wpmkr1116809

Hope it will help you furhter in configuring the ACE load balancing L4 policies.

Kindly rate

Sachin Garg

0 Helpful

Rajiv Dasmohapatra
Level 2
Level 2
In response to sachinga.hcl

‎07-13-2009 05:33 AM

Thanks sachin, I have the docs already but i wanted to loadbalance FTPS (FTP over SSL).

0 Helpful

sachinga.hcl
Level 4
Level 4
In response to Rajiv Dasmohapatra

‎07-13-2009 06:16 AM

FTP over SSL (FTPS) can neither offloaded nor loadbalanced using ACE.

0 Helpful

Rajiv Dasmohapatra
Level 2
Level 2
In response to sachinga.hcl

‎07-13-2009 06:23 AM

but is there any cisco document stating this. i need to show it to customer.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents