JeffB_41299
Sep 07, 2012

Exchange 2010 iApp SSL pass-through?

Is it possible to configure the Exchange 2010 CAS iApp to get this result?

- Client sends SSL traffic to LTM;
- LTM redirects SSL traffic to CAS nodes (without decrypting it).

That is, I don't want the LTM to terminate SSL connections, but I don't want to send unencrypted traffic to the LTM. I just want the LTM to load balance the encrypted sessions.

The options in the iApp seem to assume that either SSL connections will be terminated at the LTM (and then re-encrypted back to the CAS node, or not), or traffic to the LTM won't be encrypted in the first place. Am I missing something obvious, or does the unencrypted form of the requests need to be accessible to the LTM for the iApp to be worth using?

Thanks.

  • mikeshimkus_111
    Historic F5 Account
    Hi Jeff, we don't offer that option in the iApp because it prevents us from using the recommended persistence and optimizations for Exchange, and from doing things like having one virtual server receiving traffic for all the Exchange services.

    See: https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/262/Persisting-SSL-Connections.aspx

    You could disable strictness on the iApp and make the necessary configuration changes to do SSL passthrough, but you're limited to SSL session ID persistence with source IP set as the fallback method.
  • Thanks very much, Mike. I figured as much, but I don't yet understand the details well enough to have confirmed it. Thanks for the reference to the Persisting SSL Connections article, too.
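
Why pass-through leaves only SSL session ID and source IP to persist on, shown as an added example that is not part of the original thread and is not F5's implementation: without decryption, the one session identifier a balancer can read is the session ID in the cleartext ClientHello, and a client that offers none can only be keyed by its address. The function names, the sample ClientHello and the address 192.0.2.10 are constructed for illustration, and learning a new session's ID from the ServerHello is left out.

```python
import struct

def client_hello_session_id(record: bytes) -> bytes:
    """Return the session ID offered in a cleartext TLS ClientHello record (b'' if none)."""
    if len(record) < 5:
        raise ValueError("short TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        # 0x17 is application data: encrypted, so nothing inside it is usable for persistence
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if rec_len < 4 or len(body) < rec_len or body[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    # handshake header: type(1) + length(3); then client_version(2) + random(32)
    pos = 4 + 2 + 32
    if len(body) < pos + 1:
        raise ValueError("truncated ClientHello")
    sid_len = body[pos]
    sid = body[pos + 1:pos + 1 + sid_len]
    if sid_len > 32 or len(sid) != sid_len:
        raise ValueError("bad session ID length")
    return sid

def persistence_key(record: bytes, source_ip: str) -> tuple:
    """Key on the SSL session ID when the client offers one, else fall back to source IP."""
    sid = client_hello_session_id(record)
    return ("ssl-session-id", sid.hex()) if sid else ("source-ip", source_ip)

def build_client_hello(session_id: bytes) -> bytes:
    """Constructed sample: minimal ClientHello with one cipher suite and null compression."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    resumed = build_client_hello(bytes(range(32)))   # client resuming a session
    fresh = build_client_hello(b"")                  # new client, no session ID yet
    print(persistence_key(resumed, "192.0.2.10"))
    print(persistence_key(fresh, "192.0.2.10"))
```
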