F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Chris_15705's avatar
Chris_15705
Icon for Nimbostratus rankNimbostratus
May 19, 2009

Exchange Outlook Anywhere without SSL offloading

Does anyone have info on the propper setup of Load Balancing two CAS server for Outlook Anywhere (rpc/http) without using SSL offloading. All the documentation i can find assumes you are offloading. ...
microsoft
partner
jreed5_47036's avatar
jreed5_47036
Icon for Nimbostratus rankNimbostratus
Oct 20, 2009
We have our F5's terminating SSL, and then re-wrapping SSL to the CAS servers. Intent was to have the packets inspected on the F5 after SSL termination, then re-encrypt afterwards. We had problems with just logging the traffic.

 

 

We had slowness for about a year, and troubleshooted the problem with F5 for about as long.

 

 

If you have not done so, turn off the Nagles Algorithm option. Google for more details, but the main premise is that it will combine small packets and send one large one. Not bad for web traffic, but RPC bundled traffic is a problem. Once disabled, our problems went away.

 

 

You need to also set persistance to be > than what your CAS is set to. Out of the box, public access settings are set to 15min timeouts, and private 24 hours. You should set persistance to be at least 24 hours. Otherwise you will lose your stikiness to a server, and require re-authentication while connected. It may still occur in 24 hours, but at least that's only 1x per day.