Cisco Support Community

New Member

load balancing sftp servers on css11503

I have an 11503 and I am trying to load balance SFTP servers behind it. Not sure why it's not working.

Here is the content rule:

content test_sftp
  add service www1_sftp
  add service www2_sftp
  port 22
  protocol tcp
  balance aca
  advanced-balance sticky-srcip
  vip address 172.17.0.248
  active

Here are the service rules:

service www1_sftp
  ip address 172.17.0.27
  protocol tcp
  keepalive port 22
  keepalive type tcp
  active

service www2_sftp
  ip address 172.17.0.25
  protocol tcp
  keepalive port 22
  keepalive type tcp
  active

Couple of questions:

1) Do I need to set up a source group like I would have to for FTP? Does the return traffic from the servers need to be NAT'd back out as the VIP?

2) The content rule and service rules are all set for port 22 only. Is that enough ports open for the control and data channels? I think SFTP uses port 22 for both.

Any assistance would be greatly appreciated.

Thanks!

Sandeep

1 REPLY
Cisco Employee

Re: load balancing sftp servers on css11503

You definitely need a group to NAT the data channel.

But I'm not even sure that will make it work.

You can give it a try so.

Gilles.
