Forum Discussion
NimbostratusiRule redirect to another Virtual - is it classed as server side?
I am carrying out a piece of work to send specific requests off to another HTTPS virtual server, but getting stuck on decrypt/encrypt of the traffic.
The calls land on VS1:443 and clientssl profile takes care of decrypting the request. Then various requests are sent off to VS2:443 for manipultion and traffic routing. The whole process works for non secure, but due to the nature of these calls we want to keep everything secure. There are also other calls from within the network that will call VS2:443 directly.
The error I get is:
Connection error: ssl_passthru:4124: not SSL (40)
So one question is, when selecting a virtual from within an iRule (virtual /Common/VS2_SSL) does this use the serverside profile from VS1 to encrupt the call to VS2? It doesn't seem to be if I'm reading the error correctly. So how do I encrypt this call? I have tried with SSL::enable and SSL::profile after the virtual redirection but this didn't seem to work and gave the same error still.
Any help would be greatly appreciated on this.
Thanks
Andy_McGrathCumulonimbus
Virtual creates an internal connection on the server side of the first Virtual Server, so if you have a Client SSL profile on VS2 you will need to ensure you have a Server SSL profile on VS1 to ensure the SSL/TLS connection works correctly.
If you have SSL off load at the backend of VS1 then you can have an iRule to disable the Server SSL profile when not using the
command to forward, this will ensure that both native andvirtual
connections from VS1 work correctly.virtual