Quintious_74258
Nov 17, 2011, Nimbostratus
Encrypting HTTP traffic to SSL on LTM
We're about to leverage our LTMs for a partnership, and need to know how to take unencrypted traffic and encrypt it.
Basically what we're doing is:
-Traffic will come in from our partner via HTTPS. Big-IP will serve as the SSL termination point, convert the packets to HTTP, change the port number (to a pre-defined port, let's say 4000) that the server is listening on, and forward them off to the servers (which cannot read or interpret HTTPS packets). This entails setting up a client SSL thing.
-The servers will then respond with HTTP traffic over, again let's say port 4000 after they have processed the data, at which time the LTM will take the unencrypted data, re-encrypt it, and send it as HTTPS traffic via port 443 to our partner. This requires a server SSL configuration.
Now the twist:
-The servers will also need to proactively send HTTP traffic to our partner without first receiving a packet that the LTM has decrypted. We need the LTM to proactively encrypt that data that comes in as HTTP over...again, let's say 4000, and then send it off to our partner as HTTPS traffic over port 443. The servers can't do it, because the app can't do it.
I read somewhere that SNAT plays a role in this last twist, but I can't seem to find the forum post again. Is there a solution article out there that details how we can do this? Or has anyone done it, and can provide a blow-by-blow of what we need to do to make it work?
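One way to build both halves of this on the LTM, as an added tmsh example that is not from the original post or from F5 documentation: an inbound virtual server that terminates the partner's TLS and hands plain HTTP to the app on port 4000, plus an outbound virtual server on the internal VLAN that picks up the app's server-initiated HTTP on port 4000, wraps it in TLS with a server-ssl profile, and SNATs it toward the partner on 443. All addresses, VLAN, certificate and object names below are assumptions chosen for illustration (RFC 5737 documentation ranges); substitute your own.

```tmsh
# --- Inbound: partner -> LTM (HTTPS/443) -> app servers (HTTP/4000) ---
# Assumed app servers listening on 4000.
create ltm pool app_pool_4000 members add { 10.0.0.11:4000 10.0.0.12:4000 } monitor tcp

# Assumed certificate/key already imported on the BIG-IP under these names.
create ltm profile client-ssl partner_clientssl defaults-from clientssl cert partner.crt key partner.key

# Client-side TLS termination. The response to each request is re-encrypted on
# the SAME client-side connection by this client-ssl profile, so no server-ssl
# profile is needed for the request/response path. SNAT automap makes the
# servers return traffic through the LTM even if it is not their default gateway.
create ltm virtual partner_inbound_https {
    destination 203.0.113.10:443
    ip-protocol tcp
    profiles add { tcp http partner_clientssl { context clientside } }
    pool app_pool_4000
    source-address-translation { type automap }
}

# --- Outbound: app servers (HTTP/4000) -> LTM -> partner (HTTPS/443) ---
# Assumed partner endpoint. Pool member on 443 so the destination port is
# translated from 4000 to 443 automatically (translate-port is on by default).
create ltm pool partner_pool_443 members add { 198.51.100.20:443 } monitor tcp

# Server-side TLS: the LTM is the TLS client toward the partner.
# "peer-cert-mode require" + a CA bundle makes the LTM verify the partner's
# certificate instead of accepting any cert (assumed bundle name partner_ca.crt).
create ltm profile server-ssl partner_serverssl defaults-from serverssl peer-cert-mode require ca-file partner_ca.crt

# Listens only on the internal VLAN for the app's connections to partner:4000.
# SNAT automap is what lets the partner see a routable LTM self-IP rather than
# the private server address; without it the partner's SYN-ACK never returns.
create ltm virtual partner_outbound_https {
    destination 198.51.100.20:4000
    ip-protocol tcp
    vlans add { internal }
    vlans-enabled
    profiles add { tcp http partner_serverssl { context serverside } }
    pool partner_pool_443
    source-address-translation { type automap }
}

# Checks: confirm both objects and watch the outbound leg hit the partner on 443.
list ltm virtual partner_inbound_https partner_outbound_https
show ltm virtual partner_outbound_https
```

The app servers must route traffic for the partner's address through the LTM (or the LTM must be inline) for the outbound virtual server to see it; on the inbound side, the app only ever sees plain HTTP on 4000, so the servers themselves never need TLS support.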