Cisco Support Community

UNABLE TO MAINTAIN FTP SESSIONS

Problem Description: We have configured two CSS in active standby mode with ASR.

We have FTP / WEBSERVERS on private side of CSS.

The clients are coming through 2 PIX525 configured for Stateful failover.

When we establish an FTP connection from a client, we are able to maintain the connection in the normal state.

But as soon as there is any kind of link failure on the private side of the CSS, the FTP connection gets terminated.

The case is the same with a CSS box failure.

We confirmed that the dormant flows are happening for the backup CSS.

Please refer to the OWNER configuration appended below.

!*************************** OWNER ***************************
owner L5_Owner

  content L3_Rule
    add service Server1
    vip address 192.168.2.50
    balance aca
    redundant-index 6
    add service Server2
    active

  content L5_Rule
    add service Server1
    vip address 192.168.2.50
    protocol tcp
    port 80
    url "/*"
    balance aca
    redundant-index 5
    add service Server2
    active

!*************************** GROUP ***************************
group group1
  vip address 192.168.2.50
  add service Server1
  redundant-index 4
  add service Server2
  active


Re: UNABLE TO MAINTAIN FTP SESSIONS

Hi,

I did successfully configure stateful redundant FTP load balancing between a 11503 and a 11506. From my experience there, the shown parts of your config are looking quite good, BUT I would configure an FTP content rule using the application ftp-control command in it for load balancing FTP servers (I did it that way). This should make the CSS really aware of the flow states (and replicate them via ISC).

Some adoptions regarding your configuration:

I guess the redundant-index is configured in the service too. Furthermore, I suppose that the redundancy stuff (critical service if needed) for the VIP and the GW redundancy is configured properly too.

If the upper suggestion regarding the ftp-content-rule won't end in success or in case you want to find out what the problem with the Layer-3 Rule is I would suggest the following steps:

- Just check the PIX logs if a teardown happens there.

- Take some sniffer-traces between the PIX and the CSSes and between the CSSes and the FTP-server to find out who drops the FTP-session.

Btw, I found some interesting notes on CCO:

-- snip (taken from http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801577ce.html)

During an FTP failover, the control channel and/or the data channel need to share information with the backup CSS. If the current state information has not been fully transferred across the ISC link to the backup CSS, then the flow may be lost.

-- snip

Hope that helps..

Cheers,

Joerg
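
Added example (not part of the original thread and not the replier's code): the first troubleshooting step above, checking the PIX logs for a teardown, as a small Python filter that reports which side ended each FTP control connection to the VIP. It assumes the PIX logs teardowns as syslog message 302014 and sees the VIP as the inside address; the sample lines, host name, client addresses and interface names are constructed.

```python
import re
from collections import Counter

VIP, FTP_CONTROL_PORT = "192.168.2.50", 21  # VIP from the posted configuration

# Assumption: the PIX logs teardowns as syslog message 302014.
TEARDOWN = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<conn>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration (?P<dur>\S+) bytes (?P<bytes>\d+)\s*(?P<reason>.*)$"
)

# Teardown reason -> which side ended the control connection.
SIDE = {
    "TCP Reset-I": "reset from inside (CSS/server side)",
    "TCP Reset-O": "reset from outside (client side)",
    "TCP FINs": "normal close",
    "Conn-timeout": "PIX idle timeout",
}

def ftp_teardowns(lines, vip=VIP, port=FTP_CONTROL_PORT):
    """Return one record per teardown of an FTP control connection to the VIP."""
    records = []
    for line in lines:
        m = TEARDOWN.search(line)
        if not m or m["dst"] != vip or int(m["dport"]) != port:
            continue
        reason = m["reason"].strip()
        records.append({
            "conn": int(m["conn"]), "client": m["src"],
            "duration": m["dur"], "reason": reason,
            "side": SIDE.get(reason, "other: " + (reason or "no reason logged")),
        })
    return records

def summarize(records):
    """Count teardowns per side so resets around a failover stand out."""
    return Counter(r["side"] for r in records)

# Constructed sample lines (host name, clients and interface names are made up).
SAMPLE = [
    "Mar 01 10:15:02 pix1 %PIX-6-302013: Built inbound TCP connection 4101 for outside:10.10.10.20/3120 (10.10.10.20/3120) to inside:192.168.2.50/21 (192.168.2.50/21)",
    "Mar 01 10:21:40 pix1 %PIX-6-302014: Teardown TCP connection 4101 for outside:10.10.10.20/3120 to inside:192.168.2.50/21 duration 0:06:38 bytes 1874 TCP Reset-I",
    "Mar 01 10:22:05 pix1 %PIX-6-302014: Teardown TCP connection 4102 for outside:10.10.10.21/3555 to inside:192.168.2.50/80 duration 0:00:03 bytes 5120 TCP FINs",
    "Mar 01 10:30:11 pix1 %PIX-6-302014: Teardown TCP connection 4110 for outside:10.10.10.22/4001 to inside:192.168.2.50/21 duration 0:01:12 bytes 640 TCP FINs",
]

if __name__ == "__main__":
    for rec in ftp_teardowns(SAMPLE):
        print(rec)
```

If no teardown for the session shows up around the failover time, the PIX did not end it, and the sniffer traces between the PIX, the CSSes and the FTP server are the next place to look.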
