Forum Discussion

Nimbostratus

Feb 06, 2015

iRule ProxyPass and SSL to Backend

Hello Folks, I am currently struggling with the ProxyPass iRule, because I am not able to get an Server SSL Handshake to the Backendserver. Everything is fine when I define the Backendserve...

Nimbostratus

Feb 08, 2015

Sorry for the delay.

Here is my configuration. Only standards....no additional modifications.

I did check the ProxyPass with "http" to the Backend and it's working fine. Only an ServerSSL Connection won't be established!?

Code
ltm virtual /preprod/vs_tomcat {
destination /preprod/193.90.130.45%2:https
ip-protocol tcp
mask 255.255.255.255
partition preprod
persist {
    cookie {
        default yes
    }
}
pool /preprod/p_backend_https
profiles {
    clientssl {
        context clientside
    }
    http { }
    oneconnect { }
    tcp { }
}
rules {
    i_ios_ltm_log_ssl_client_handshake
    i_ios_ltm_log_ssl_server_handshake
    /preprod/ProxyPass
}
source 0.0.0.0%2/0
source-address-translation {
    type automap
}
vlans {
    vlan_webdmz
}
vlans-enabled
vs-index 56
}

tm data-group internal /preprod/ProxyPassvs_tomcat {
partition preprod
records {
    /ssltomcat/ {
        data "/ p_tomcat_https"
    }
    /tomcat/ {
        data "/ p_tomcat_http"
    }
}
type string
}

ltm data-group internal /preprod/ProxyPassSSLProfiles {
partition preprod
records {
    "p_tomcat_https profile_serverssl" { }
}
type string
}

It looks like the SSL Profile in the DataGroup (ProxyPassSSLProfiles) is not used. If I define the serverssl profile to the Virtual Server => same effect.

With SSLDump New TCP connection 24: 193.90.139.18(58915) <-> 192.168.1.30(443) 24 0.0016 (0.0016) S>C TCP RST

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)