Forum Discussion

JrMaster_47117's avatar
JrMaster_47117
Icon for Nimbostratus rankNimbostratus
May 31, 2012

Cannot establish IPHTTPS connection.

Hello,

 

 

I've a Direct Access test lab with a weird problem that I'm unable to resolve.

 

 

 

During setup I've configured a VIP for IPHTTPS as per F5 & UAG guide. (http://www.f5.com/pdf/deployment-guides/f5-uag-dg.pdf)

 

 

 

The VIP type that I used is Perfomance (Layer 4) as mentioned in the guide.

 

However, when clients from the internet tries to establish an IPHTTPS tunnel to one of my DA servers it fails with the following error:

 

 

 

Interface Status: failed to connect to the IPHTTPS server. Waiting to reconnect

 

 

 

But:

 

 

 

If I change the type of the VIP from Performance (Layer 4) to Performance (HTTP), then clients connections starts working just fine.

 

It does take too long until a connection is established but eventually it works.

 

 

 

 

 

I was wondering how can I make it work when VIP is configured with Performance (Layer 4)?

 

 

 

Thanks in advance,

 

JrMaster

 

ve
virtualization

3 Replies

Sort By
  • Erick_Hammersm1's avatar
    Erick_Hammersm1
    Historic F5 Account
    May 31, 2012
    My guess is that your servers are not sending reply traffic back through the BIG-IP. One of the features of the Performance HTTP profile is to automatically translate the source address of the connection from the client's real address to an address owned by the BIG-IP (in BIG-IP parlance, this behavior is called "SNAT"). You can achieve the same behavior with a Performance L4 profile by manually enabling SNAT on the virtual server.

     

     

    Here's a link to the portion of the BIG-IP configuration guide that covers SNATs:

     

     

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_snat.html

     

     

    Hope this helps!
  • JrMaster_47117's avatar
    JrMaster_47117
    Icon for Nimbostratus rankNimbostratus
    Jun 03, 2012
    Thanks Erick! I will give it a shot and let you know how it went.

     

     

    I was wondering though if using SNATs is a requirement? it is not mentioned anywhere in the guide...

     

     

    Thx,

     

    JrM