F5 SSL to backend server issue

OK I found it :-) it is a limitation of the LTM VE 10.1 edition :

 

 

http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes_ve_10_1_0.htmlbigip_restrict

 

 

ClientSSL and ServerSSL profiles on same virtual server (CR141545)

 

When you assign both a ClientSSL and a ServerSSL profile to the same virtual server, the BIG-IP system forwards the client request successfully, but the client does not receive the response. To work around this issue, you can create two separate virtual servers that specify the same destination IP address and port. The first virtual server references the ClientSSL profile and an iRule that internally routes the connection to the second virtual server instead of to a load balancing pool. The second virtual server references the ServerSSL profile and the load balancing pool. The following is an example of an iRule assigned to a ClientSSL virtual server. The iRule includes the virtual command, which internally routes connections to a second virtual server named server_ssl_test. The second virtual server must have its VLAN disabled using the vlan none enable command:

 

 

rule target_server_ssl {

 

when CLIENT_ACCEPTED {

 

virtual server_ssl_test

 

}

 

}

 

pool b68_https { member 10.1.1.68:4443 }

 

virtual client_ssl_test {

 

destination 10.1.1.117:443

 

profile http clientssl tcp

 

rule target_server_ssl

 

}

 

virtual server_ssl_test {

 

destination 10.1.1.117:443

 

profile http serverssl tcp

 

pool b68_https

 

vlan none enable

 

}

 

 

 

Will test the workaround and report back.

 

 

Cheers !