Forum Discussion
LTM SSL Pass Through
Hello,
I have had a look around but to no avail.
I have an LTM running 11.2 HF1.
Users access a URL that goes via a Threat Management Gateway (MS) so they ask for the URL and then the TMG gives it to the F5 VIP, so we only ever see connections coming from the Proxy.
I have a Perf layer 4 VIP listening on 443 and a pool containing 2 servers running SSL on port 8017.
If I have two members in the pool, I suspect that I am flicking between the two members as I am seeing a cert error screen and then when I say OK go there, it just sits there.
If I take one member out of the pool it seems to be OK.
I have changed the VIP from Perf layer 4 to standard. I have not put any SSL profiles in; if I do that, I don't even get to the cert error page.
So my question is: what exactly do I have to configure to allow a VIP to listen on 443 and then to pass the request to the backend servers on 8017 without decrypting/encrypting etc., and to have a persistency that means when the request gets to a server it stays there?
Thanks,
George
1 Reply
- What_Lies_Bene1
Cirrostratus
Proxied connections and end to end SSL, not a great setup for persistence. You only have two options here; 1) source address persistence - this will work but only one server will get all the traffic, not ideal or 2) SSL persistence, this should work fine as long as you disable CMP for the virtual server.
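Added example, not part of the original thread and not F5's implementation: a simplified Python model of the two persistence options, showing why keying on source address pins every proxied connection to one pool member while keying on the TLS session ID (readable from the cleartext ClientHello without decrypting) spreads users across both. The pool addresses, proxy address, session IDs and function names are constructed for illustration, and the model assumes each client already presents an established session ID.

```python
import itertools
import struct

POOL = ["10.0.0.11:8017", "10.0.0.12:8017"]  # constructed pool members

def client_hello(session_id: bytes) -> bytes:
    """Build a minimal constructed TLS ClientHello record carrying session_id."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"  # one cipher suite, null compression
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

def session_id_of(record: bytes) -> bytes:
    """Read the session ID from the cleartext ClientHello; no decryption needed."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello")
    sid_len = record[43]  # 5 record hdr + 4 handshake hdr + 2 version + 32 random
    if sid_len > 32 or len(record) < 44 + sid_len:
        raise ValueError("truncated session ID")
    return record[44:44 + sid_len]

def balance(conns, key):
    """Round-robin new keys across POOL; reuse the member for a known key."""
    rr, table, picks = itertools.cycle(POOL), {}, []
    for conn in conns:
        k = key(conn)
        if k not in table:
            table[k] = next(rr)
        picks.append(table[k])
    return picks

# Constructed traffic: every connection arrives from the TMG proxy address.
# Three users (session IDs A, B, C), with A and B reconnecting later.
PROXY = "192.0.2.10"
CONNS = [(PROXY, client_hello(bytes([u]) * 32)) for u in b"ABCAB"]

# Option 1: source address persistence, keyed on the only IP the LTM sees.
by_source = balance(CONNS, key=lambda c: c[0])
# Option 2: SSL persistence, keyed on the session ID in the ClientHello.
by_session = balance(CONNS, key=lambda c: session_id_of(c[1]))

if __name__ == "__main__":
    print("source address:", by_source)
    print("ssl session id:", by_session)
```
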