Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Load balancing and MS domain-isolation in Cisco ACE

Hi,

I wonder if somebody out there has successfully deployed a load balancing solution for webservers in an isolated domain. (Microsoft SDI)
According to the server guys it runs ESP so it could work with a routed load balancing solution. If it was AH the IP-header can't be changed.
So I've tried to set it up as described in document http://www.cisco.com/web/JP/solution/places/literature/pdf/ACE_IPSec_Load_Balancing.pdf

using "directed mode".

Unfortunately it doesn't work.

It seems that after the first ISAKMP packet from the client, the server initiates an ESP session to the client, using it's own IP-address of course.

The client doesn't understand the ESP-packet as it doesn't come from the IP-address that the client contacted (the VIP address)

My thought is to try dispatch mode instead. But it is a bit reconfiguration in the servers and in some network equipment to do that.

So I tried this forum before I begin to move things around.

Is there a simple solution to this?

Best Regards,

/Torbjorn

459
Views
0
Helpful
0
Replies