nitass
May 28, 2014 · Employee
isn't it like this?
config
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar443
ltm virtual bar443 {
destination 172.28.24.10:443
ip-protocol tcp
mask 255.255.255.255
profiles {
clientssl {
context clientside
}
http { }
serverssl {
context serverside
}
tcp { }
}
rules {
qux
}
source 0.0.0.0/0
vs-index 36
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
# Hands requests whose path begins with /sp/ACS.saml2 to virtual server
# bar9031; this rule makes no decision for any other request.
when HTTP_REQUEST {
# [HTTP::path] is the request path without the query string. starts_with is a
# case-sensitive prefix match: "/SP/ACS.saml2" does not match, while a longer
# path such as "/sp/ACS.saml2x" (constructed example) does.
if { [HTTP::path] starts_with "/sp/ACS.saml2" } {
# Internal hand-off to the second virtual server rather than to a pool.
# NOTE(review): the bar443 listing on this page shows no pool, so requests
# that miss this branch presumably have no destination - confirm.
virtual bar9031
}
}
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar9031
ltm virtual bar9031 {
destination 172.28.24.10:9031
ip-protocol tcp
mask 255.255.255.255
pool foo
profiles {
clientssl {
context clientside
}
http { }
tcp { }
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 37
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo
ltm pool foo {
members {
200.200.200.101:80 {
address 200.200.200.101
}
}
}
trace (ssldump with -k, so the TLS payload is shown decrypted)
[root@ve11a:Active:In Sync] config ssldump -Aed -nni 0.0 -k /config/ssl/ssl.key/default.key port 443 or port 9031 or port 80
New TCP connection 1: 172.28.24.1(42244) <-> 172.28.24.10(443)
1 1 1401289187.2551 (0.0347) C>S SSLv2 compatible client hello
1 2 1401289187.2552 (0.0000) S>CV3.1(81) Handshake
1 3 1401289187.2552 (0.0000) S>CV3.1(954) Handshake
1 4 1401289187.2552 (0.0000) S>CV3.1(4) Handshake
1 5 1401289187.2598 (0.0045) C>SV3.1(262) Handshake
1 6 1401289187.2598 (0.0000) C>SV3.1(1) ChangeCipherSpec
1 7 1401289187.2598 (0.0000) C>SV3.1(48) Handshake
1 8 1401289187.2672 (0.0074) S>CV3.1(1) ChangeCipherSpec
1 9 1401289187.2672 (0.0000) S>CV3.1(48) Handshake
1 10 1401289187.2696 (0.0024) C>SV3.1(272) application_data
---------------------------------------------------------------
POST /sp/ACS.saml2 HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Content-Length: 4
Content-Type: application/x-www-form-urlencoded
test---------------------------------------------------------------
New TCP connection 2: 172.28.24.1(9736) <-> 172.28.24.10(9031)
2 1 1401289187.2709 (0.0000) C>SV3.3(109) Handshake
2 2 1401289187.2709 (0.0000) S>CV3.3(81) Handshake
2 3 1401289187.2709 (0.0000) S>CV3.3(954) Handshake
2 4 1401289187.2709 (0.0000) S>CV3.3(4) Handshake
2 5 1401289187.2719 (0.0009) C>SV3.3(262) Handshake
2 6 1401289187.2719 (0.0000) C>SV3.3(1) ChangeCipherSpec
2 7 1401289187.2721 (0.0002) C>SV3.3(80) Handshake
2 8 1401289187.2780 (0.0059) S>CV3.3(1) ChangeCipherSpec
2 9 1401289187.2780 (0.0000) S>CV3.3(80) Handshake
2 10 1401289187.2782 (0.0001) C>SV3.3(288) application_data
---------------------------------------------------------------
POST /sp/ACS.saml2 HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Content-Length: 4
Content-Type: application/x-www-form-urlencoded
test---------------------------------------------------------------
New TCP connection 3: 200.200.200.14(17839) <-> 200.200.200.101(80)
1401289187.2790 (0.0006) C>S
---------------------------------------------------------------
POST /sp/ACS.saml2 HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.24.10
Accept: */*
Content-Length: 4
Content-Type: application/x-www-form-urlencoded
test---------------------------------------------------------------
- chuckcald_15879 · May 28, 2014 · Nimbostratus
When I follow the configuration listed, my browser connection gets reset and nothing loads. I noticed that your pool foo is listening on port 80. It should be listening on 9031. I made that change and the browser still gets reset.