F5 & SSL on non SSL Ports

Question

We host multiple Web sites so to keep from using a different IP for each SSL on dev, test, and production for the various Web sites; we use the following:&nbsp;
&nbsp;https://someurl.com/&nbsp;
&nbsp;Internal on IIS
&nbsp;http:   port 80
&nbsp;https: port 1500&nbsp;
&nbsp;SSL has to be installed on IIS and not the F5 LTM.  The Virtual Servers and Pools are all configured correctly, but the issue we are having is that when we use a port different from 443 for SSL, Big IP doesn't process the traffic.&nbsp;
&nbsp;Any suggestions.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

hoolio · Answer

Hi Gdub, 
&nbsp;  
&nbsp; I imagine the problem is that the web applications are referring to themselves on ports which don't match the LTM virtual server ports you're using.  There are a few possible solutions to this: 
&nbsp;  
&nbsp; - Change the webserver configuration to reference the VS ports instead of their own ports 
&nbsp; - Define the virtual server on the same port as the web servers.  This should work as the VS will be listening on the same ports as the web servers, so no port translations should be necessary. 
&nbsp; - Decrypt (and optionally re-encrypt) the SSL and then rewrite port references from the web server ports to the LTM ports.  This could be done with HTTP profile options and/or an iRule. 
&nbsp;  
&nbsp; If you want help fleshing out any of these options, let us know. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

F5 & SSL on non SSL Ports

Recent Discussions

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Use of SSL Decryption.

Big IP DNS Failover

Related Content

SSL Profiles Part 6: SSL Renegotiation

Updating SSL Certificates on BIG-IP using REST API

Check a Virtual Server's SSL Status

Response port masking

F5 self IP TLS/SSL hand shake fail with tcp port node member

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS