Forum Discussion
Nimbostratusssl forward proxy configuration
I have configured an irule which is used to send the host to a nameserver for resolution. I also have a clientssl and serverssl profile configured on the VIP and each has the forward proxy feature enabled. The clientside ssl uses a self cert. The server side profile uses "none" for cert and key as I am trying to make this generic. I am also using a snatpool in this configuration. However, when 443 traffic connects to the VIP it does not appear to be passing the traffic outbound. A tcpdump on the F5 shows the conversation between the VIP and the local server but no traffic going out to the Internet. I also have port 80 listening on the same VIP and this traffic works as I see, via a tcpdump, traffic between the VIP and the local server and traffic between the snat IP and a public IP address.
Any ideas as to why the 443 traffic is not working?
Thanks,
2 Replies
Brad_ParkerCirrus
A.) Have you been through this document to setup forward proxy? https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-5-0/16.html
B.) Using tcpdump -s0 -ni VLAN:nnn and using the F5 wireshark plug-in can help identify why a RST is probably being sent since no traffic is seen on the backend.
CraigMoI have gone through the setup forward proxy document and I believe my configuration is setup accordingly.
The tcpdump I used was: tcpdump -i any host or host .
I will try using the tcpdump command you mentioned above.
Thanks,
