Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACE load balancing of SSH

I need to be able to load balance SSH connections from a single external IP address of our ACE module to any number of servers. I can't modify the SSH servers to make their encryption keys match, but I need to get around the problem of the key for the ACE IP appearing to change from the client's perspective. I'd like to be able to proxy the connection like I do for SSL, but I haven't found a way to do that.

Any suggestions are much appreciated!

2 REPLIES
Silver

Re: ACE load balancing of SSH

If you want to use SLB only, you must configure certain parameters and disable some of the ACE security features .

perform the following things

"Configuring a global permit-all ACL and applying it to all interfaces in a context to open all ports

"Disabling TCP/IP normalization

"Disabling ICMP security checks

"Configuring SLB

Community Member

Re: ACE load balancing of SSH

Maybe I'm missing something, but how does that get around the problem of the client receiving different SSH encryption keys from the different load balanced servers?

Thanks!

978
Views
0
Helpful
2
Replies
CreatePlease to create content