Forum Discussion

Sly_85819's avatar
Sly_85819
Icon for Nimbostratus rankNimbostratus
Oct 13, 2009

SSL pass-through configuration

Can someone tell me how to I configure SSL pass-through for Standard VS? Basically we dont want to have SSL offloading on LTM and the server should have SSL cert. I have used 2 options suggested by F5...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 17, 2009
There are a few options (in order by what I think your requirements are):

 

 

1. Standard TCP VIP without any client or server SSL using SSL session ID persistence. No HTTP inspection or modification possible.

 

 

2. Standard TCP VIP with a client and server SSL profile. This would add load to both LTM and the servers for decrypting and re-encrypting the SSL, but would allow you to inspect and modify the HTTP on LTM and keep all traffic on the wire encrypted.

 

 

3. Use a performance layer 4 VIP and no client or server SSL profiles. This is the fastest in terms of LTM processing, but also the most limited in terms of functionality. You cannot use client or server SSL, an HTTP profile for inspection or modification, cookie insert persistence, etc.

 

 

Aaron