HTTPS Persistence & ISA servers

We have 2 BigIP-5100's running BIG-IP Kernel 4.5.10 Build84 in an active-actve pair. We have a squid pool with predictive node load-balancing and a virtual server for all of our clients that browse the web. Currently, we have a workaround in place whereby all traffic from the squid servers going to the Internet are NAT'ted to a single IP address on our gateway firewall. We are NAT'ting because sessions to secure sites on the Internet are broken.

 

 

We have tried to implement persistence on the squid pool however it has problems with downstream proxy servers, such as ISA servers, chaining to our squid pool. They can browse HTTP site without issue, however HTTPS site are extremely slow or don't work at all.

 

 

We have tried active HTTP cookie with insert mode, passive HTTP, SSL persistence and the load balancing method set to round robin (for simplicity) but no joy.

 

 

Any ideas anyone?

 

 

Regards