Forum Discussion

Quintious_74258's avatar
Quintious_74258
Icon for Nimbostratus rankNimbostratus
Nov 17, 2011

Encrypting HTTP traffic to SSL on LTM

We're about to leverage our LTM's for a partnership, and need to know how to take unencrypted traffic and encrypt it.     Basically what we're doing is:     -Traffic will come in from our ...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Nov 18, 2011
just an example which Aaron said. i have to use snat and irule due to my lab environment.

this is for https to http. 

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:443
   ip protocol 6
   profiles {
      clientssl {
         clientside
      }
      tcp {}
   }
   vlans external enable
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:4000 {}
}

 curl -Ik https://172.28.19.79
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2011 09:04:18 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Connection: close
Content-Type: text/html; charset=UTF-8

[root@ve1023:Active] config  tcpdump -nni 0.0 port 443 or port 4000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
01:04:04.467014 IP 172.28.19.253.50827 > 172.28.19.79.443: S 4250042541:4250042541(0) win 5840 
01:04:04.467072 IP 172.28.19.79.443 > 172.28.19.253.50827: S 3878453677:3878453677(0) ack 4250042542 win 4380 
01:04:04.468913 IP 172.28.19.253.50827 > 172.28.19.79.443: . ack 1 win 46 
01:04:04.477800 IP 172.28.19.253.50827 > 172.28.19.79.443: P 1:106(105) ack 1 win 46 
01:04:04.477837 IP 172.28.19.79.443 > 172.28.19.253.50827: P 1:793(792) ack 106 win 4380 
01:04:04.480082 IP 172.28.19.253.50827 > 172.28.19.79.443: . ack 793 win 58 
01:04:04.480095 IP 172.28.19.253.50827 > 172.28.19.79.443: P 106:292(186) ack 793 win 58 
01:04:04.484510 IP 200.200.200.10.50827 > 200.200.200.101.4000: S 2032949847:2032949847(0) win 4380 
01:04:04.484517 IP 172.28.19.79.443 > 172.28.19.253.50827: P 793:840(47) ack 292 win 4485 
01:04:04.485823 IP 200.200.200.101.4000 > 200.200.200.10.50827: S 3932073000:3932073000(0) ack 2032949848 win 5792 
01:04:04.485834 IP 200.200.200.10.50827 > 200.200.200.101.4000: . ack 1 win 4380 
01:04:04.486872 IP 172.28.19.253.50827 > 172.28.19.79.443: P 292:472(180) ack 840 win 58 
01:04:04.486893 IP 200.200.200.10.50827 > 200.200.200.101.4000: P 1:156(155) ack 1 win 4380 
01:04:04.487832 IP 200.200.200.101.4000 > 200.200.200.10.50827: . ack 156 win 54 
01:04:04.489095 IP 200.200.200.101.4000 > 200.200.200.10.50827: P 1:263(262) ack 156 win 54 
01:04:04.489116 IP 172.28.19.79.443 > 172.28.19.253.50827: P 840:1127(287) ack 472 win 4851 
01:04:04.489119 IP 200.200.200.101.4000 > 200.200.200.10.50827: F 263:263(0) ack 156 win 54 
01:04:04.489126 IP 200.200.200.10.50827 > 200.200.200.101.4000: . ack 264 win 4642 
01:04:04.489131 IP 172.28.19.79.443 > 172.28.19.253.50827: F 1127:1127(0) ack 472 win 4851 
01:04:04.493034 IP 172.28.19.253.50827 > 172.28.19.79.443: P 472:499(27) ack 1128 win 71 
01:04:04.493048 IP 172.28.19.253.50827 > 172.28.19.79.443: F 499:499(0) ack 1128 win 71 
01:04:04.493058 IP 172.28.19.79.443 > 172.28.19.253.50827: . ack 500 win 4878 
01:04:04.493067 IP 200.200.200.10.50827 > 200.200.200.101.4000: F 156:156(0) ack 264 win 4642 
01:04:04.493889 IP 200.200.200.101.4000 > 200.200.200.10.50827: . ack 157 win 54