Salvador_del_Re
Feb 27, 2008Historic F5 Account
Client ssl
I want use a clientssl profile for some IP address and another clientssl profile for another range of IP adress.
Try to make a iRule and dont run.
Any ideas?
Thanks
Try to make a iRule and dont run.
Any ideas?
Thanks
Could you show use your iRule and any logging you did ?
Thanks
defaults from clientssl
key "uno.key"
cert "uno.crt"
}
profile clientssl dos_prof {
defaults from clientssl
key "dos.key"
cert "dos.crt"
}
virtual vs_https {
snat automap
pool http_pool
destination 172.16.6.102:https
ip protocol tcp
rules certificado
profiles
tcp
test-cert
}
when CLIENT_ACCEPTED {
set certuno uno_prof
set certdos dos_prof
log "certificado uno $certuno certif2 $certdos"
PROFILE::clientssl [$certuno]
}
Error
Feb 27 13:47:55 tmm tmm[1675]: 01220002:6: Rule certificado : certificado uno uno_prof certif2 dos_prof
Feb 27 13:47:55 tmm tmm[1675]: 01220001:3: TCL error: certificado - invalid command name "uno_prof" while executing "$certuno"
Moreover i don't think that will do what you want.
If you check the wikis it is used to retrieve value and not set new one:
example: when HTTP_REQUEST {
set resultat [PROFILE::clientssl key]
log local0. "res: $resultat"
}
it will return the key used for the ssl transaction
You need to use the command SSL::profile name_of_your_profile
http://devcentral.f5.com/wiki/default.aspx/iRules/SSL__profile.html
HTH
Thanks a lot
when CLIENT_ACCEPTED {
if { [matchclass [IP::client_addr] equals $::Direcciones_internas]
}
{
SSL::profile uno_prof
}
else
{
SSL::profile dos_prof
}
}
virtual vs_https {
snat automap
pool http_pool
destination 172.16.6.102:https
ip protocol tcp
rules certificado
profiles
clientssl
tcp
}
profile clientssl uno_prof {
defaults from clientssl
key "uno.key"
cert "uno.crt"
}
}
profile clientssl dos_prof {
defaults from clientssl
key "dos.key"
cert "dos.crt"
}
}
class Direcciones_internas {
network 172.16.0.0/16
networks 10.10.6.0/24
networks 192.168.6.0/24
}