Saturday, April 14, 2012

Cisco ACE config for FTP load balancing with source NAT

This configuration handles both regular and passive FTP. Consult the Cisco manuals for explanations of specific commands.

!-- using dummy tcp probe for ftp server for simplicity.
probe tcp probe-tcp-21
  port 21
  interval 30
  passdetect interval 60
  connection term forced   !-- optional. Linux ftp server probe has issues if connection is not forced to close
  open 1


rserver host ftp-server1
  ip address 10.0.1.11
  inservice
rserver host ftp-server2
  ip address 10.0.1.12
  inservice


serverfarm host ftp-farm
  probe probe-tcp-21
  rserver ftp-server1 21
    inservice
  rserver ftp-server2 21
    inservice
 


class-map match-all ftp.mycompany.com
  2 match virtual-address 55.55.55.55 tcp eq ftp  ! This is ftp site IP


policy-map type loadbalance generic first-match lbmap-ftp.mycompany.com
  class class-default
    serverfarm ftp-farm
    nat dynamic 1 vlan 200 serverfarm primary


policy-map multi-match pmap-vlan100
  class ftp.mycompany.com
    loadbalance vip inservice
    loadbalance policy lbmap-ftp.mycompany.com
    loadbalance vip icmp-reply
    inspect ftp

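!-- permit-all ACL, applied inbound on both VLAN interfaces below; narrow it to the traffic you actually expect.
access-list ALL line 10 extended permit ip any any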

interface vlan 200
  description Web Servers Lan
  ip address 10.0.1.2 255.255.255.0
  peer ip address 10.0.1.3 255.255.255.0 
  alias 10.0.1.1 255.255.255.0            
  nat-pool 1 10.0.1.254 10.0.1.254 netmask 255.255.255.255 pat
  access-group input ALL
  no shutdown


interface vlan 100
  description OUTSIDE
  ip address 55.55.55.11 255.255.255.0
  alias 55.55.55.10 255.255.255.0
  peer ip address 55.55.55.12 255.255.255.0
  access-group input ALL
  service-policy input pmap-vlan100   !-- must match the multi-match policy-map name defined above
  no shutdown
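
Why `inspect ftp` matters with NAT in the path, as an added example (not from the original post or from Cisco): FTP carries IP addresses inside PORT commands and 227 replies, so those have to be rewritten along with the packet headers. This Python model of that fix-up uses the addresses from the config above; the client address, the sample control lines and the unchanged port number are constructed assumptions.

```python
import re

# Addresses taken from the config above.
VIP = "55.55.55.55"                      # class-map virtual-address
NAT_POOL = "10.0.1.254"                  # nat-pool 1 on vlan 200
REAL_SERVERS = {"10.0.1.11", "10.0.1.12"}

# h1,h2,h3,h4,p1,p2 tuple used by PORT commands and 227 replies (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) embedded in a PORT command or 227 reply, else None."""
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rewrite(line, new_ip):
    """Swap the embedded IP; the port is kept (assumption: no port translation)."""
    parsed = parse_hostport(line)
    if parsed is None:
        return line
    port = parsed[1]
    tup = "{},{},{}".format(new_ip.replace(".", ","), port >> 8, port & 0xFF)
    return HOSTPORT.sub(tup, line, count=1)

def fixup(line, direction):
    """Model of the control-channel fix-up (hypothetical helper, not ACE code).
    server_to_client: a 227 reply must advertise the VIP, not the real server.
    client_to_server: PORT must advertise the source-NAT address the server sees."""
    if direction == "server_to_client" and line.startswith("227"):
        return rewrite(line, VIP)
    if direction == "client_to_server" and line.upper().startswith("PORT"):
        return rewrite(line, NAT_POOL)
    return line

def leaks_real_server(reply):
    """True if a 227 reply seen on the client side exposes a real-server address."""
    parsed = parse_hostport(reply)
    return reply.startswith("227") and parsed is not None and parsed[0] in REAL_SERVERS

if __name__ == "__main__":
    raw = "227 Entering Passive Mode (10,0,1,11,195,80)"   # constructed sample
    print(leaks_real_server(raw), "->", fixup(raw, "server_to_client"))
    print(fixup("PORT 198,51,100,7,200,10", "client_to_server"))  # constructed client
```

Running `leaks_real_server` against a 227 reply captured on the client side is a quick check that inspection is active: a reply that still carries a 10.0.1.x address means passive-mode clients will be told to connect to an unreachable host.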
