Forum Discussion
NimbostratusSSL Proxy question
Hi Guys,
I've got this setup that im trying to figure out on how to implement in f5. We have this web server that the clients needs to see the certifcate when then access the VIP. That's no problem if the f5 is not doing packet inspection, since I got I-rule that does redirection on that same vip. Now I saw some blog saying that SSL proxy should be able to do this, but unfortunately, when I tried implementing ssl proxy it seems to fail when I tried accessing the VIP. I followed the steps from this site https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-3-0/14.html, but still im having issues. Is ssl proxy the answer to my issue? Can you guys have a more detailed step on how to implement ssl proxy? thank you
2 Replies
jocabangon_2204shoot i missed this part Specify the Destination settings. For a Host, in the Address field, type 0.0.0.0 for the virtual server address. For a Network, in the Address field, type 0.0.0.0 for the virtual server address, and in the Mask field, type 0.0.0.0 for the mask. stupid question is it really 0.0.0.0 on the virtual address part? What if i got a specific ip? Also this will only work on 2 arm load balancing? we are currently doing 1 arm though thanks- Kai_Wilke
MVP
Hi Jocabangon,
SSL-Proxy is the answer to your issue. But keep in mind that you have to use RSA based ciphers to make it work. DH or DHE based ciphers simply won't work (resp. would make the SSL-Proxy setup useless).
1 or 2 arm setup wouldn't make any differences.
Cheers, Kai
