Forum Discussion

Thiyagu_163984
Apr 14, 2017

Pass through HTTPS termination to Servers on LTM version BIG-IP 11.6.0

Hello All, I'm working on a request to terminate the SSL on the web servers and not on the LTM. The traffic flow should be as follows:

Client ---> VIP (443) ----> Webservers (443)

I have set up the VIP to listen on 443 but not assigned any certificates, and I want the LB to send the 443 connection to the servers with no encryption/decryption on the LTM.

Could you please guide me on the LTM steps to complete this request?

 

Regards, Thiyagu

  • Log in to the command line and run the following commands.

    tmsh create ltm pool mypool members add { x.x.x.x:443 x.x.x.x:443 x.x.x.x:443 }
    tmsh create ltm virtual myvirtual destination y.y.y.y:443 profile add { tcp } pool mypool
    

    Where x.x.x.x is the server, you can have multiple servers as shown separated by spaces. Then y.y.y.y is the listening address of the virtual server. Clients open their connection to y.y.y.y.

  • Thanks for your reply. If we create a VIP which listens on port 443 and the pool members listen on port 443 without SSL offloading on the LB, how does the LB decrypt and re-encrypt the packet to the backend servers, as SSL offloading is not on the LB?

    Since the packet from the client is encrypted, I'm wondering what the possible steps on the LB would be to pass through the encrypted traffic from the client directly to the web server where the SSL certificate is offloaded.

    Any help on this request is appreciated.

    Regards, Thiyagu


  • Hi Thiyagu,

    If you do not install a certificate/key on the LTM device, F5 will not encrypt/decrypt the traffic and instead just forward the traffic to the back end server.

    ClientSSL profile: Used to decrypt client end traffic
    Server SSL profile: Provides the ability for F5 to re-initiate the SSL connection to the backend server

    Running the commands provided by Kevin is the quickest way to complete the setup.


  • You asked for no decryption on the LTM.

    How does the LB decrypt and re-encrypt the packet to the backend servers, as SSL offloading is not on the LB?

    It doesn't.

    The configuration provided passes the SSL traffic to the backend webserver.
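One way to confirm that the virtual server built from Kevin's two tmsh commands really is passing TLS through untouched (an added example, not code from the thread or from F5): with no Client SSL profile on the VIP, the certificate a client receives at y.y.y.y:443 must be exactly the one each x.x.x.x:443 pool member serves directly. The addresses and the SNI name `www.example.com` are assumed placeholders.

```python
import hashlib
import socket
import ssl

# Placeholder addresses from the thread; substitute the real VIP and pool members.
VIP = ("y.y.y.y", 443)
POOL_MEMBERS = [("x.x.x.x", 443)]
SERVER_NAME = "www.example.com"  # assumed SNI name that clients send for the site


def fingerprint_of_der(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, in openssl's AA:BB:... form."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_leaf_fingerprint(host: str, port: int, server_name: str,
                           timeout: float = 5.0) -> str:
    """Complete a TLS handshake and fingerprint the leaf certificate presented.

    Verification is disabled on purpose: the point is to see exactly what the
    endpoint sends, even if it is self-signed or does not match the name.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return fingerprint_of_der(tls.getpeercert(binary_form=True))


def compare_fingerprints(vip_fp: str, member_fps: dict) -> dict:
    """Map each pool member to True when it presents the VIP's certificate.

    In a passthrough setup every member must match: the LTM holds no key, so
    a mismatch means a Client SSL profile is still applied to the VIP or the
    members are not all serving the same certificate.
    """
    return {member: fp == vip_fp for member, fp in member_fps.items()}


def passthrough_report(vip=VIP, members=POOL_MEMBERS, server_name=SERVER_NAME) -> dict:
    """Fetch the VIP's certificate and every member's, then compare them."""
    vip_fp = fetch_leaf_fingerprint(*vip, server_name)
    member_fps = {f"{h}:{p}": fetch_leaf_fingerprint(h, p, server_name)
                  for h, p in members}
    return compare_fingerprints(vip_fp, member_fps)


if __name__ == "__main__":
    for member, ok in passthrough_report().items():
        print(f"{member}: {'same certificate as VIP' if ok else 'MISMATCH'}")
```

Because the LTM never sees plaintext in this setup, it also cannot read HTTP headers or cookies, so any persistence on the VIP has to be based on source address or SSL session ID rather than cookie insertion.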