Forum Discussion
Chris_Phillips
Nimbostratus
NimbostratusSSL offload headers for ASM
Hi, Is there a way for an ASM box sitting behind an LTM box to know that SSL has been terminated on LTM? We add in similar headers for Weblogic which is behind ASM, but found that the allowe...
jwham20Nimbostratus
NimbostratusChris,
Hmm, so the ASM of course needs the traffic to be decrypted before it can really do much for it (hence the asm policies being for http).
In a single unit, dual module configuration, typically you just see an LTM virtual with a ssl profile on it, and an ASM enabled HTTP class attached to it. This allows the LTM to do the ssl decrypt and the ASM module to do it's dark magic. You can even throw on a server side SSL profile if you want to re-encrypt.
In the dual box environment, question:
are you re-encrypting between the LTM unit and ASM unit? If so, then you should just be able to decrypt on the ASM unit Virtual server profile, and let the ASM do it's thing.
Sorry for the scattergun answer, I may have misread the question (and there is probably about 10,000 different right answers.
Josh M
