Forum Discussion
aa_101481
Nimbostratus
Oct 28, 2010
LC outbound Cannot access some https sites
Platform: BIGIP LC 6900
TMOS: V10.2+HF2
Configuration files:
virtual VS_outbound {
   destination any:any
   mask 0.0.0.0
   rules irules_outbound
}
virtual VS_outbound_ftp {
   translate service disable
   destination any:ftp
   mask 0.0.0.0
   ip protocol tcp
   rules irules_outbound
   profiles {
      ftp {}
      tcp {}
   }
}
-------------------------------------------------------
rule irules_outbound {
when CLIENT_ACCEPTED {
   # Pick the outbound link (pool) from the client source address.
   if { [matchclass [IP::remote_addr] equals $::ct_snat] or [matchclass [IP::remote_addr] equals $::ct_client] } {
      pool ct_link
   } elseif { [matchclass [IP::remote_addr] equals $::cnc_snat] or [matchclass [IP::remote_addr] equals $::cnc_client] } {
      pool cnc_link
   } else {
      # Any source not listed in a class defaults to ct_link.
      pool ct_link
   }
}
}
-------------------------------------------------------
class ct_snat {
   {
      network 172.30.224.0/24
      host 10.148.128.30
      ... ...
   }
}
class ct_client {
   {
      network 172.40.224.0/24
      ... ...
   }
}
class cnc_snat {
   {
      network 192.168.1.0/24
      host 192.168.10.163
      ... ...
   }
}
class cnc_client {
   {
      network 192.168.100.0/24
      ... ...
   }
}
------------------------------------------------------------
ISSUE:
After a day of implementation, client says that some of the users cannot access some HTTPS sites.
3 Replies
- Chris_Miller
Altostratus
I'd get a tcpdump of a failed attempt. Is it reproducible? Same sites every time?
- aa_101481
Nimbostratus
Yes, Same sites every time
- Chris_Miller
Altostratus
Posted By aa on 10/28/2010 09:30 PM
Yes, Same sites every time
Definitely get a tcpdump and see where the problem is happening. Your VIP configuration looks just fine and I can't imagine LC only causing issues for outbound SSL. From LC, can you telnet to port 443 of the destination site?
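The port 443 check suggested in the last reply, as an added example that is not part of the original thread: a Python probe that reports whether an HTTPS attempt fails at DNS, at the TCP connect (the telnet test), or during the TLS handshake, which tells you which packets to look for in the tcpdump. It assumes Python 3 on a client host behind the LC; the function name `probe_https` and the stage labels are made up for this example.

```python
import socket
import ssl
import sys

def probe_https(host, port=443, timeout=5.0):
    """Return (stage, source_ip, detail); stage is "ok" or the first step that failed."""
    try:
        # Equivalent of "telnet <site> 443": does the TCP handshake complete?
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return ("dns_failed", None, str(exc))
    except socket.timeout as exc:
        return ("tcp_timeout", None, str(exc))
    except OSError as exc:
        return ("tcp_failed", None, str(exc))
    # Local source address of this flow. The outbound iRule matches the address
    # the LC sees, which is this one unless a device in between translates it.
    source_ip = sock.getsockname()[0]
    try:
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", source_ip, tls.version())
    except socket.timeout as exc:
        # TCP connected, but the TLS handshake never finished.
        return ("tls_timeout", source_ip, str(exc))
    except (ssl.SSLError, OSError) as exc:
        return ("tls_failed", source_ip, str(exc))
    finally:
        sock.close()

if __name__ == "__main__":
    # Usage: python probe_https.py <failing-site> <working-site>
    for name in sys.argv[1:]:
        print(name, *probe_https(name))
```

Run it against one failing and one working site from the same client, then compare the reported stage and source address with the capture taken on the LC.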
