I would think that it is can be LB at layer 4 like any other TCP/UDP transaction. Try creating a content rule for it and adding the services to it.

Do you mean something like this?

It doesn't work.

!*************************** GLOBAL

ip route 0.0.0.0 0.0.0.0 10.0.1.1 1

!************************** CIRCUIT

circuit VLAN1

ip address 10.0.1.65 255.255.255.0

!************************** SERVICE

service app1

ip address 10.0.1.67

active

service authentication

ip address 10.0.2.31

active

!*************************** OWNER

owner one

content app

add service app1

add service authentication

active

HI Ben,

well in your content is the Virutal missing which is addressed. basicaly there are in my opinion sevearl issues which have to be thought about. MS AD is as far as I know LDAP based with soe specials done by MS. The thing which has to be checked is if NAT is a problem as the IP-Address which the client uses (the VIP) will be natted on the real address of the server. Another issue is the fact that the return flow has to pass the CSS when coming from the server heading towards the server. Additionally stickiness might kick in too.

Hope that helped...

Kind regards,

Joerg

The VIP address (natting) will break AD. That is why I avoided using a VIP address.

There doesn't seem to be anything in Cisco's documentation/white papers addressing this yet. If someone has figured this out I would be grateful for their help

The obvious solution here (not sure why I missed it) was to create a one arm configuration.