Forum Discussion
Josh_41258
Sep 18, 2012Nimbostratus
Robert,
The guide creates two reverse proxys (internal/external) because it assumes that you are using two separate pairs of LTM's for the deployment; one for internal and one for external. The DP does not make this very clear. If you are running everything on one LTM pair, the easiest thing to do is eliminate one of the reverse proxies and just use one.
In the end, you should have one "external" reverse proxy VIP listening on TCP/443 (and TCP/80 if you need HTTP). This VIP's pool members should be your FE servers listening on TCP/4443. The clientssl profile on this VIP should be a SAN that contains the reverse proxy name, and the serverssl profile should not have any key or certificate assigned to it (although the VIP should have a serverssl profile assigned to it). This VIP should also have the iRule that is described in the DP.
Thanks,
Josh