Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
1
Replies

Load-balancing nat-t connections to VPN concentrators

gmiiller
Level 1
Level 1

‎08-19-2004 10:18 PM

I'm currently using a CSS to provide redundancy across some nat-t VPN RAS sessions to some VPN concentrators (in different geographical areas) This works fine, but because I have to create content rules for both UDP 500 and UDP 4500 traffic, I'm concenred that if I move to a genuine load-balanced arrangement instead of merely redundancy, the CSS units might decide to direct UDP500 traffic from a remote user to one concentrator, and the subsequent UDP4500 traffic to another. I tried port ranges and a single content rule - no success. Does anyone know how to associate 2 udp content rules to enforce traffic symmetry, or will a default srcip balancing rule see the concentrator balance traffic based on srcip globally across all content rules?

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎08-20-2004 06:41 AM

if you do balance srcip, the CSS will use a hash and this hash function should be the same for all the content rules, so giving you the same results.

A single layer3 content rule with advanced-balance sitcky-srcip should work as well.

Regards,

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents