Forum Discussion
Quintious_74258
Nimbostratus
NimbostratusEncrypting HTTP traffic to SSL on LTM
We're about to leverage our LTM's for a partnership, and need to know how to take unencrypted traffic and encrypt it.
Basically what we're doing is:
-Traffic will come in from our ...
nitass
Employee
Employeethis is for http to https.
[root@ve1023:Active] config b virtual bar2 list
virtual bar2 {
snat automap
pool foo2
destination 200.200.200.79:4000
ip protocol 6
rules myrule2
profiles {
http {}
serverssl {
serverside
}
tcp {}
}
vlans internal enable
}
[root@ve1023:Active] config b pool foo2 list
pool foo2 {
members 74.125.235.50:443 {}
}
[root@ve1023:Active] config b rule myrule2 list
rule myrule2 {
when HTTP_REQUEST {
HTTP::header replace Host "www.google.com"
}
}
curl -I http://200.200.200.79:4000
HTTP/1.1 200 OK
Date: Fri, 18 Nov 2011 09:02:39 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=4ef4ba14c2189eec:FF=0:TM=1321606959:LM=1321606959:S=hTpVLYxefmsAEtSk; expires=Sun, 17-Nov-2013 09:02:39 GMT; path=/; domain=.google.com
Set-Cookie: NID=53=t3p09w0aYLbn2wOZIOZOnypE889mOydciWSDfW9KacQee-sNIPmJlxx6jH0Sm-bD-Um2TUxZm12xM8nlAANVrZXb117QEE-uKgQW2mzY4jcCgIVly_xhfdbvr5sdOpWJ; expires=Sat, 19-May-2012 09:02:39 GMT; path=/; domain=.google.com; HttpOnly
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
[root@ve1023:Active] config tcpdump -nni 0.0 port 4000 or port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
01:06:52.264065 IP 200.200.200.101.53947 > 200.200.200.79.4000: S 2974964524:2974964524(0) win 5840
01:06:52.264127 IP 200.200.200.79.4000 > 200.200.200.101.53947: S 3360020780:3360020780(0) ack 2974964525 win 4380
01:06:52.264879 IP 200.200.200.101.53947 > 200.200.200.79.4000: . ack 1 win 46
01:06:52.264910 IP 200.200.200.101.53947 > 200.200.200.79.4000: P 1:163(162) ack 1 win 46
01:06:52.265061 IP 172.28.19.80.53947 > 74.125.235.50.443: S 723819090:723819090(0) win 4380
01:06:52.272054 IP 74.125.235.50.443 > 172.28.19.80.53947: S 2091216247:2091216247(0) ack 723819091 win 5672
01:06:52.272076 IP 172.28.19.80.53947 > 74.125.235.50.443: . ack 1 win 4380
01:06:52.272124 IP 172.28.19.80.53947 > 74.125.235.50.443: P 1:95(94) ack 1 win 4380
01:06:52.277870 IP 74.125.235.50.443 > 172.28.19.80.53947: . ack 95 win 89
01:06:52.282934 IP 74.125.235.50.443 > 172.28.19.80.53947: P 1:134(133) ack 95 win 89
01:06:52.283029 IP 172.28.19.80.53947 > 74.125.235.50.443: P 95:142(47) ack 134 win 4380
01:06:52.283040 IP 172.28.19.80.53947 > 74.125.235.50.443: P 142:324(182) ack 134 win 4513
01:06:52.290825 IP 74.125.235.50.443 > 172.28.19.80.53947: . ack 324 win 106
01:06:52.314970 IP 74.125.235.50.443 > 172.28.19.80.53947: P 134:794(660) ack 324 win 106
01:06:52.315001 IP 200.200.200.79.4000 > 200.200.200.101.53947: P 1:636(635) ack 163 win 4542
01:06:52.315979 IP 200.200.200.101.53947 > 200.200.200.79.4000: . ack 636 win 56
01:06:52.315990 IP 200.200.200.101.53947 > 200.200.200.79.4000: F 163:163(0) ack 636 win 56
01:06:52.315997 IP 200.200.200.79.4000 > 200.200.200.101.53947: . ack 164 win 4542
01:06:52.316002 IP 172.28.19.80.53947 > 74.125.235.50.443: F 324:324(0) ack 794 win 5173
01:06:52.322060 IP 74.125.235.50.443 > 172.28.19.80.53947: F 794:794(0) ack 325 win 106
01:06:52.322075 IP 172.28.19.80.53947 > 74.125.235.50.443: . ack 795 win 5173
01:06:52.322078 IP 200.200.200.79.4000 > 200.200.200.101.53947: F 636:636(0) ack 164 win 4542
01:06:52.322975 IP 200.200.200.101.53947 > 200.200.200.79.4000: . ack 637 win 56