Forum Discussion
SteveD1979
Cirrostratus
CirrostratusHelp with SNI for multiple VIPs hosted on same server
Hi I wanted to see if someone could help me with this setup. I've configured other VIPs in the past to use SNI by running this command and then creating the ssl profile with the hostname. tmsh m...
SteveD1979Cirrostratus
CirrostratusThe monitor is failing but I'm not really worried about that. I don'5t know what it is but the applications are failing. All except for the last one I i configure.
app 1 VS IP 10.1.1.1
app 2 VS IP 10.1.1.2
app 3 VS IP 10.1.1.3
so on for the next 5
They all share 1 pool which is a Windows server with IIS installed and web applications working and the same client SSL cert with each FQDN for each VS IP in the SAN. The server side SSL cert is unique with each apps FQDN in the server name field and this command run for each VIP.
tmsh modify ltm virtual <virtual server> serverssl-use-sni enabled
Paulius
MVP
MVPIf you can provide a topology, your existing configuration, and then the failing configuration I might be able to assist you further but I'm have a difficult time understanding the issue here and where the failure is occurring without this information.
- SteveD1979
I'm not sure what else you're asking for. There are 8 apps all hosted on one Windows IIS server. Each of those 8 apps has it's own unique VIP on the F5 with it's own unique IP address. The VIPs all share the same client side SSL profile. The server side SSL profile i'm updating to include the FQDN for each separate application in the server name field and giving each VIP it's own.
- Paulius
Without being able to see the configuration that isn't working it's difficult to say why this isn't working for you. If you configured a default SNI SSL profile for each of those virtual servers then this should be working. The only thing I could see possibly being an issue is if you're doing backend SSL and the server is expecting an SNI from the F5.
- SteveD1979
The VIPs are set up with client and server side SSL profiles and then on the server in the SSL bindings each app/site has the SNI box checked and the same cert as the client side SSL on the F5 tied to each.