Create F5 LTM Content for http / https via port 8080

You cannot specify a set of listening ports on a VIP - either a single port or all ports. Is it absolutely necessary to have all of this on a single VIP, given that the HTTP and HTTPS VIPs could share the same IP address and configuration other that their respective listening ports?

Also, while still technically possible, it would be extremely difficult to do SSL and non-SSL with the same listening port. For example, let's say you want to do SSL to a VIP that is listening on port 8080 and has a client SSL profile. You also want to do non-SSL to the same IP address on the same 8080 port, but of course without a client SSL profile. You'd necessarily have to create a single VIP on port 8080, apply a client SSL profile, and use an iRule to disable that client SSL profile for non-SSL requests. Because of where SSL sits in the OSI layer, however, one of the only ways you'd have to determine the client's intentions (SSL or non-SSL) would be a layer BELOW SSL, as in at the IP layer. Prior to offloading the SSL, you don't know what the client's intentions are. Now, you could technically sniff the TCP payload at layer 4 and see if the client is sending SSL data, but then you're getting into some fairly complicated iRules.

It would be FAR EASIER to split these up into separate VIPS with standard client side ports (80 and 443) and use some iRule logic to switch between the port 80 and port 8080 pools.