Load Balancing using Virtual IP on DMZ interface of 5520 ASA

We want to achieve a load balancing scenario using Virtual IP on DMZ interface on a Cisco ASA 5520.
The IPs we are going to use on DMZ are 10.15.1.2 and 10.15.1.3.
These IPs are going to be NATted to all inside IPs.
Let's say our outside IP is X.X.X.X.
This IP points to 10.15.1.2 and 10.15.1.3 with .2 being the primary and .3 being the secondary.
When I hit the outside IP, it should point me to .2 and that .2 should take me to the inside IPs.
I need configuration assistance with that.

Hi Pratik,
The ASA does not support having 1 global/translated IP address on the outside mapped to multiple local/real IP addresses on the DMZ. If it did, the ASA would have no way of deciding if traffic destined to X.X.X.X is really meant for 10.15.1.2 or 10.15.1.3. For this scenario, you should use a dedicated load balancer or a router that supports policy-based routing.
-Mike
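
The ambiguity described in the reply above, as an added example that is not part of the original thread: a Python check over ASA `static` statements that flags any translated address claimed by more than one real host, while leaving alone entries that divide one address by protocol and port (static PAT). It assumes pre-8.3 `static` syntax; the sample configuration is constructed, with 203.0.113.10 standing in for X.X.X.X.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample in ASA pre-8.3 "static" syntax (an assumption: the thread
# does not say which software version the 5520 runs). 203.0.113.10 stands in
# for the outside address the post writes as X.X.X.X.
SAMPLE_CONFIG = """\
static (dmz,outside) 203.0.113.10 10.15.1.2 netmask 255.255.255.255
static (dmz,outside) 203.0.113.10 10.15.1.3 netmask 255.255.255.255
static (dmz,outside) tcp 203.0.113.20 www 10.15.1.2 www netmask 255.255.255.255
static (dmz,outside) tcp 203.0.113.20 https 10.15.1.3 https netmask 255.255.255.255
"""

IFACE_PAIR = re.compile(r"\(([^,()]+),([^,()]+)\)")


def parse_static(line):
    """Parse one 'static (real_if,mapped_if) ...' line; None for anything else."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "static":
        return None
    pair = IFACE_PAIR.fullmatch(tokens[1])
    if not pair:
        return None
    rest = tokens[2:]
    if rest[0] in ("tcp", "udp"):            # static PAT: proto ip port ip port
        if len(rest) < 5:
            return None
        proto, mapped_ip, mapped_port, real_ip = rest[0], rest[1], rest[2], rest[3]
    else:                                    # whole-address static NAT
        proto, mapped_port = "ip", "any"
        mapped_ip, real_ip = rest[0], rest[1]
    return {"mapped_if": pair.group(2), "proto": proto, "mapped_ip": mapped_ip,
            "mapped_port": mapped_port, "real_ip": real_ip}


def overlaps(a, b):
    """Two rules claim the same inbound traffic if either covers the whole
    address or both name the same protocol and mapped port. Port names are
    compared as written, so 'www' and '80' are not treated as equal."""
    if a["proto"] == "ip" or b["proto"] == "ip":
        return True
    return (a["proto"], a["mapped_port"]) == (b["proto"], b["mapped_port"])


def find_ambiguous(config_text):
    """Return {(mapped_if, mapped_ip): [real_ips]} for every translated address
    that more than one real host claims for the same traffic."""
    by_mapped = defaultdict(list)
    for line in config_text.splitlines():
        rule = parse_static(line.strip())
        if rule:
            by_mapped[(rule["mapped_if"], rule["mapped_ip"])].append(rule)
    findings = {}
    for key, rules in by_mapped.items():
        clash = set()
        for a, b in combinations(rules, 2):
            if a["real_ip"] != b["real_ip"] and overlaps(a, b):
                clash.update((a["real_ip"], b["real_ip"]))
        if clash:
            findings[key] = sorted(clash)
    return findings


if __name__ == "__main__":
    for (ifc, ip), reals in find_ambiguous(SAMPLE_CONFIG).items():
        print(f"{ip} on {ifc} is mapped to several real hosts: {', '.join(reals)}")
```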

Similar Messages

  • How can ftp service on non-standard port be load balanced using Cisco ACE.

    How can ftp service on non-standard port be load balanced using Cisco ACE? For example, ftp service required on tcp 2000 port.

    Hi Samarjit,
    You can do this by specifying the port number in the class map that you create. Please find the below-mentioned config guide, where you can specify the tcp/udp port, range of ports or even the wildcard to match the port.
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
    Regards
    Abijith

  • Load balancing using Hardware/Webcache??

    Hi ,
    I am using iAS 10.1.2.02. Please share some best practices of Failover and Load balancing using hardware or Oracle web cache?
    Also what is most recommended by Oracle.
    Regards,
    Noman

  • Adding a 2nd WFE to a Production Farm - Load balanced using F5 Virtual IPs

    Hello all,
    In much reading I haven't been able to find a more or less straight answer to this question: I have a small-ish SharePoint farm; 1 WFE, 1 App and a SQL cluster. I need to bring a 2nd web front end into the farm. What I am trying to find out is, may I install the SharePoint bits and join the new web front end to the farm - without putting the web apps' IPs into my F5 pools - without adversely impacting the farm?
    What I'm after is time to test the new web front end by redirecting my browser to it via my hosts file. Once I'm confident all is well, I would then configure WFE2 to have traffic forwarded to it through the F5. Is this a reasonable hope?
    Thanks in advance for any advice you might provide

    Yes, that will work.
    Having an extra WFE that isn't included in your load balancer is actually a fairly common practice when you use it as a dedicated crawl target; there's no impact to having it there unused for a while.
    Thanks very much for confirming; I appreciate that! 

  • Load balancing using GLBP

    Dear All,
    I need to build a scenario where I am using two ISPs for redundancy for my internal network and at the same time want to load balance in such a way that my first packet going outside the network (using NAT) goes from the first ISP's public IP address and the second packet going outside the network (using NAT) goes from the second ISP's public IP address.
    Need your help
    Thank You

    Hello
    I tried to lab this up - I managed to use a first hop protocol (HSRP) to a redundant HSRP & NAT configuration - however I have tried GLBP and at present not been successful in getting it to work.
    Here is what I got with HSRP:
          --- R2
    r1 -----        internet host 100.100.100.100
         ---- R3
    R2
    interface FastEthernet0/0
    Description Link to LAN
     ip address 10.1.123.252 255.255.255.0
     ip nat inside
     standby 123 ip 10.1.123.254
     standby 123 priority 115
     standby 123 preempt
     standby 123 name HRSP1
     standby 123 track FastEthernet0/1 50
    interface FastEthernet0/1
    Description Link to ISP1
     ip address 1.1.1.2 255.255.255.0
     ip nat outside
     standby 234 ip 1.1.1.254
     standby 234 priority 115
     standby 234 preempt
     standby 234 name HRSP2
     standby 234 track FastEthernet0/0 50
    ip route 100.100.100.100 255.255.255.255 FastEthernet0/1 1.1.1.4
    ip nat inside source static 10.1.123.251 1.1.1.1 redundancy HRSP1
    R3
    interface FastEthernet0/0
    Description Link to LAN
     ip address 10.1.123.253 255.255.255.0
     ip nat inside
     standby 123 ip 10.1.123.254
     standby 123 preempt
     standby 123 name HRSP1
     standby 123 track FastEthernet0/0
    interface FastEthernet0/1
    Description Link to ISP2
     ip address 1.1.1.3 255.255.255.0
     ip nat outside
     standby 234 ip 1.1.1.254
     standby 234 preempt
     standby 234 name HRSP2
     standby 234 track FastEthernet0/1 50
    ip route 100.100.100.100 255.255.255.255 FastEthernet0/1 1.1.1.4
    ip nat inside source static 10.1.123.251 1.1.1.1 redundancy HRSP1
    R2#sh ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    icmp 1.1.1.1:7         10.1.123.251:7     100.100.100.100:7  100.100.100.100:7
    icmp 1.1.1.1:12        10.1.123.251:12    100.100.100.100:12 100.100.100.100:12
    --- 1.1.1.1            10.1.123.251       ---                ---
    R2#sh standby brief
    Interface   Grp  Pri P State   Active          Standby         Virtual IP
    Fa0/0       123  115 P Active  local           10.1.123.253    10.1.123.254
    Fa0/1       234  115 P Active  local           1.1.1.3         1.1.1.254
    R3#sh stan brief
    Interface   Grp  Pri P State   Active          Standby         Virtual IP
    Fa0/0       123  100 P Standby 10.1.123.252    local           10.1.123.254
    Fa0/1       234  100 P Standby 1.1.1.2         local           1.1.1.254
    R3#sh ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    --- 1.1.1.1            10.1.123.251       ---                --
    R2
    int fa0/1
    shut
    R2#sh standby brief
    Interface   Grp  Pri P State   Active          Standby         Virtual IP
    Fa0/0       123  65  P Standby 10.1.123.253    local           10.1.123.254
    Fa0/1       234  115 P Init    unknown         unknown         1.1.1.254
    R2#sh ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    --- 1.1.1.1            10.1.123.251       ---                ---
    R3#sh stan brief
    Interface   Grp  Pri P State   Active          Standby         Virtual IP
    Fa0/0       123  100 P Active  local           10.1.123.252    10.1.123.254
    Fa0/1       234  100 P Active  local           unknown         1.1.1.254
    R3#sh ip nat translations
    Pro Inside global      Inside local       Outside local      Outside global
    icmp 1.1.1.1:7         10.1.123.251:7     100.100.100.100:7  100.100.100.100:7
    icmp 1.1.1.1:12        10.1.123.251:12    100.100.100.100:12 100.100.100.100:12
    --- 1.1.1.1            10.1.123.251       ---                ---
    res
    Paul

  • Firewall Load Balance using bridged mode ACE

    Dear Folks,
    I'd like to load balance 2 ASA using 3 ACE [inside, outside, dmz network zone].
    I've seen sample configurations; all of them are running the ACE in route mode, and the ASAs are running in route mode.
    Would it be possible to run the ACE in bridge mode, because of the IP subnet problem? We don't have enough to split.
    By the way, if possible, for all servers installed behind the ACE, what default gateway should the servers point to [in our case we have 2 independent firewalls]? Should I create the VIP for both firewalls, or should I just simply set the server's gateway to the BVI interface?
    Please Help Thanks

    Thank you very much Gilles,
    You're the man. ;-)
    Another question: in my case I try to load balance 3-interface firewalls [inside, outside, dmz] in order to make the packet return through the same firewall it has passed earlier.
    What kind of hashing technique do I need to use, and do I need to use the mac sticky command?
    I tried to find some configuration samples from the Cisco website, but I only found ones with only 2 interfaces, with ACE running source hash and destination hash at each end.
    Thank you very much

  • Load balancing using multiple default routes

    Hi Guys,
    I just want to ask, does creating multiple default routes on my router provide load-balancing on my WAN side? As far as I know, for example, if I have two default routes on my router and let's say I have two users connecting to the internet, the first one might go to the first WAN link while the second user might go to the second WAN link.
    Thank you so much
    Rex

    There is a difference between load balancing and load sharing, which we need to understand.
    Load sharing means you have 2 users, user A and user B; user A wants to use ISP1 and user B wants to use ISP2. This is called load sharing, and can be achieved via PBR (policy-based routing).
    We should not try to use load balancing for Internet traffic with 2 different ISPs.

  • Load-balancing using ServerIrons or NetApp Netcaches

    Dear all,
    From a cursory search, this one has been asked loads of times, but I can't find
    an answer....
    We're adding a Weblogic cluster into a resilient environment which has Netcache
    boxes doing reverse proxy and content caching, and Foundry ServerIrons doing the
    load-balancing. We could add in a pair of Apache servers load-balanced by the
    serverIrons and a pair of weblogic boxes in a cluster. However, this is not only
    a bit of overkill, but also adds quite a bit of latency to requests. We also
    already have the Netcache boxes. So, we want to get rid of Apache, and use a
    proposed 3 tier environment:
    Netcache
    |
    | (possibly via a serverIron)
    v
    Weblogic Cluster
    |
    |
    v
    Oracle
    Will this work? Does anyone have any experience extracting the session ID on
    a serverIron (or even on a netcache itself)? Has anyone found a way of doing
    session failover using a serverIron?
    Words of wisdom are needed for a flagging technical consultant...
    Thanks
    Simon Redding
    Technical Specialist
    Environment Agency

    Good day Simon,
    We have the same setup and have the same questions. Did you find how to implement this?
    Any help would be great!
    Cheers

  • R1213 Load Balance using F5 load balancers on Sun/Linux

    Hi,
    We got the below requirement to perform upgrade and applications Load Balance
    1. Web and Courion services using F5 Load Balancers after R1213 Upgrade.
    Any idea about Courion services and how we can perform Load Balance for its services on Apps R1213?
    The load balancers would be configured for sticky sessions for consistency.
    2. How we can achieve Load Balanced applications to SSL off-loading method.
    3. What is the best methods and any whitepapers to achieve the same.
    Please let me know.
    Thanks,
    Bhargava

    Any idea about Courion services and how we can perform Load Balance for its services on Apps R1213?
    The load balancers would be configured for sticky sessions for consistency. Please elaborate more on this.
    2. How we can achieve Load Balanced applications to SSL off-loading method. How To Redirect HTTP Traffic to HTTPS On A BIG-IP F5 Load Balancer [ID 889308.1]
    3. What is the best methods and any whitepapers to achieve the same. How To Check Session Persistence On BigIP F5, Cisco Ace, Citrix Netscaler or Radware AppDirector Load Balancer Appliances [ID 601694.1]
    Tips and Queries for Troubleshooting Advanced Topologies [ID 364439.1]
    You can find also more details in Steven Chan's Blog (search for load balancer) -- http://blogs.oracle.com/stevenChan/
    Thanks,
    Hussein

  • CSM - Load balance using Server CPU

    Hi
    I have a customer who requires the load-balancing prediction algorithm to be based on the CPU level of the server. So the server with the least CPU is chosen at the load-balancing stage.
    Is there a way to do this?
    Thanks James

    Hi James
    With CSM the only option is DFP (Dynamic Feedback Protocol). If your application vendor provides DFP agents (which is very unlikely) for the application then these agents can be installed on App servers for the desired purpose.
    Config details at
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/rsfarms.html#wp1039774
    With ACE you can use SNMP based probes to achieve what you are looking for.
    Syed Iftekhar Ahmed

  • Load Balancing based on website not on Interface

    LocalDirector 416
    LocalDirector is load balancing 2 IIS web servers, ServerA and ServerB. The servers are running in round robin. If a client requests a webpage and is sent to ServerA and the site is not servicing requests but the interface is still up, I want LocalDirector to fail over to ServerB. Is this possible?
    Thanks

    you need http probe.
    Check the following url:
    http://www.cisco.com/en/US/products/hw/contnetw/ps1894/products_configuration_example09186a0080093df4.shtml
    Gilles.

  • Load balancing and Virtual directories (solaris w/ iPlanet)

    Hi everybody,
    I would like some assistance configuring some load balancing. Our environment consists of 6 physical servers, iPlanet 6, Weblogic 8.1, and Cisco CSS content load balancers. I need some help in the obj.conf for iplanet....
    I am trying to create a blanket cisco load balancer rule which would be able to cover all future web services our group wishes to create. The cisco load balancer is easy, I just need help on the iplanet obj.conf.
    ie.
    hardware load balancer
    https://webapi.aaa.com/webservices/*
    (points to all 6 iplanet instances)
    weblogic
    URL on a particular weblogic server may be:
    http://weblogic1:9001/webservice1/aaa.jws
    http://weblogic2:9001/webservice1/aaa.jws
    ... weblogic6:9001/webservice1/aaa.jws
    http://weblogic1:9001/webservice2/bbb.jws
    http://weblogic2:9001/webservice2/bbb.jws
    ... weblogic6:9001/webservice2/bbb.jws
    How do I configure the obj.conf to be clustered as well as make the webservice look like it's coming from
    https://webapi.aaa.com/webservices/webservice1/aaa.jws
    as well as
    https://webapi.aaa.com/webservices/webservice2/bbb.jws
    (note the prefix of "webservices")
    Thanks!
    Eddie

    Hi,
    I agree with the suggestion above. For questions related to IIS, you'd better ask in the IIS forum for professional assistance. By the way, I will change this thread to a general discussion, thanks for your understanding and support.
    Best regards,
    Susie

  • Server load balancing for application access using multiple servers

    1. What are the methods supported by Cisco switches for load balancing?
    2. I want to achieve users accessing 1 particular IP from different locations, but physically a few servers which handle the application and data.

    Well, some servers allow you to install routing protocols on them. You could OSPF some links together.
    Or you could NLB if it is a Microsoft server. This uses a heartbeat network, a virtual MAC and an IP address bound to the vmac.
    You could use NIC teaming. Broadcom NICs on Dell servers allow you to configure them for load balancing, failover and a few other options.
    Or if the servers are mirrored using MSCS or something similar (i.e. configured the same but independent) you could just load balance using DNS.
    Hope this helps. Just some ideas quickly off the top of my head.

  • HTTP logs not created when using software load balancer

    This is my setup:
    1. I have a server running a software load balancer - call it A
    2. There are two servers clustered under A - call it X and Y
    3. I am able to access the application deployed on X and Y through A.
    Fail-over also works. Shutting down X when the application is up and running routes the requests to Y and vice-versa. All is well until this point.
    Problem is:
    Let us take server X.
    $ORACLE_HOME/Apache/Apache/logs does not have an access log in it. (It
    however has an error log.)
    Access logs are not created when accessing the servers in the cluster (X and Y) through the load balancer URL.
    However, when accessing the individual servers in the cluster (with their URLs), access logs are created.
    Specifics on the setup:
    1. A, X, Y - all three are OAS 10.1.3.2
    2. All three are deployed on individual server machines
    3. All three servers have one OC4J instance each running in them
    4. The software load balancer used is from WebLogic 8.1sp5 - basically to create a *.war file that has the details of X and Y (servers in the cluster)
    5. This *.war file is deployed on A
    6. Server A, the one that has the software load balancer, DOES NOT have AS control. One of the other servers in the cluster does.
    Has anybody encountered this problem before? Or is there anything wrong
    with the setup? What is the resolution for the same?
    Any help is greatly appreciated.
    Thank you.

    Thank you, Jacco. You are right in saying that the software load balancer does not route the request to Apache and hence the logs are not created.
    While the logs are not critical to the component we are working on, was just wondering why they were not being created.
    As regards your comment on FastCGI, there is a FastCGI directory created under $ORACLE_HOME/Apache/Apache/logs - but there is nothing in it. Neither do the error logs have any information pertaining to FastCGI.
    Anyway, I am not going to worry about this issue anymore - maybe sometime in the future I will try to use a different software load balancer and see if it makes any difference.

  • Why do I have to override internal Lyncpool FQDN when using hardware load balancing

    Hi!
    As the title says, why do I need to override the FQDN when using HLB? Why can't I just change the DNS entry of lyncpool01.domain.com to point to the HLB?
    Thanks!

    You'd want to override it because there are non-HTTP/HTTPS ports involved that are better load balanced using DNS. 
    http://social.technet.microsoft.com/wiki/contents/articles/22988.demystify-hlb-and-dns-load-balancing-lync-2013-topology-with-high-availability-pools-dns-lb-vs-hlb.aspx 
    http://technet.microsoft.com/en-us/library/gg615011.aspx
    If you want to use HLB for all internal ports, then you wouldn't necessarily need to override this. 
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications
