Forum Discussion
Altostratusssl pass though https VIP is not working
hi
I configured an https VIP on LTM ( performance L4 VIP ) ;it did not work then tried standard VIP with http profile as none ; still it did not work..
What is the correct way to setup ssl pass though URL https:/xyz.abc.com as VIP on LTM.SSL certs are there on server only; we do not want them on LTM.
THANKS MAYANK
12 Replies
- nitass
Employee
have you checked tcpdump/ssldump? what did you get?
Mayank_Shuklanopes.. i think some mistake in selecting correct profiles:-
please guide me what type of vip is needed and whaat profiles need to be selected..
certs are there on servers; ltm has to be in ssl pass through mode and vip is an https url..
- nitass
please guide me what type of vip is needed and whaat profiles need to be selected..
sol12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors
https://support.f5.com/kb/en-us/solutions/public/12000/000/sol12015e.g.
config root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:443 mask 255.255.255.255 pool foo profiles { fastL4 { } } source 0.0.0.0/0 source-address-translation { type automap } vs-index 18 } root@(ve11c)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo ltm pool foo { members { 200.200.200.101:443 { address 200.200.200.101 } } } test [root@ve11c:Active:In Sync] config curl -Ik https://172.28.24.10 HTTP/1.1 200 OK Date: Sun, 22 Mar 2015 05:36:29 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sun, 09 Feb 2014 08:39:51 GMT ETag: "41879c-59-2a9c23c0" Accept-Ranges: bytes Content-Length: 89 Content-Type: text/html; charset=UTF-8 - Mayank_Shukla
I configured performance(layer 4) VIP though GUI ;it automatically chose fastl4 profile in advanced section;pool members are also listening on port 443 ; what is wrong in my config ? all looks green on ltm but url does not open..
- Mayank_Shukla
I used snat pool
- Mayank_Shukla
ok
- Mayank_Shukla
i hv access to gui only;please tell me how to capture tcp dump from gui ; how to start,stop and get the file safely ? i will do this if automap does not work
- Mayank_Shukla
its 11.4.1
- nitass
i hv access to gui only;please tell me how to capture tcp dump from gui ; how to start,stop and get the file safely ?
i think you had better use cli.
- Mayank_Shukla
It worked with automap. I greatly appreciate your tech skills and helping nature!
Please advise me the concept why it worked with automap and not with specific snat pool? and why we need performance(layer 4) type of VIP in this case ?
Thanks Mayank
