Re: ACE load balancing of SSH

dustin.black · ‎11-21-2007

I need to be able to load balance SSH connections from a single external IP address of our ACE module to any number of servers. I can't modify the SSH servers to make their encryption keys match, but I need to get around the problem of the key for the ACE IP appearing to change from the client's perspective. I'd like to be able to proxy the connection like I do for SSL, but I haven't found a way to do that.

Any suggestions are much appreciated!

owillins · ‎11-27-2007

If you want to use SLB only, you must configure certain parameters and disable some of the ACE security features .

perform the following things

"Configuring a global permit-all ACL and applying it to all interfaces in a context to open all ports

"Disabling TCP/IP normalization

"Disabling ICMP security checks

"Configuring SLB

dustin.black · ‎11-27-2007

Maybe I'm missing something, but how does that get around the problem of the client receiving different SSH encryption keys from the different load balanced servers?

Thanks!

ACE load balancing of SSH

ECMP load-balancing in Catalyst 9000

ASA/FTD: VPN Load Balancing の設定と確認例

RADIUS Load Balancing for ISE

Re: ISE Deployment with Load Balancing

Troubleshoot Different ESI Load Balancing Modes