Forum Discussion
Alex_30981
Nimbostratus
NimbostratusSSL server profile problem
Hello everybody,
I am having trouble in the SSL sever profile setup of a LTM VE (Trial Version). I have surfed the Web looking for an answer but so far I have been unable to solve this probl...
koenning_107182Nimbostratus
NimbostratusHi Alex,
from the release notes:
http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes_ve_10_1_0.html
ClientSSL and ServerSSL profiles on same virtual server (CR141545)
When you assign both a ClientSSL and a ServerSSL profile to the same virtual server, the BIG-IP system forwards the client request successfully, but the client does not receive the response. To work around this issue, you can create two separate virtual servers that specify the same destination IP address and port. The first virtual server references the ClientSSL profile and an iRule that internally routes the connection to the second virtual server instead of to a load balancing pool. The second virtual server references the ServerSSL profile and the load balancing pool. The following is an example of an iRule assigned to a ClientSSL virtual server. The iRule includes the virtual command, which internally routes connections to a second virtual server named server_ssl_test. The second virtual server must have its VLAN disabled using the vlan none enable command:
rule target_server_ssl {
when CLIENT_ACCEPTED {
virtual server_ssl_test
}
}
pool b68_https { member 10.1.1.68:4443 }
virtual client_ssl_test {
destination 10.1.1.117:443
profile http clientssl tcp
rule target_server_ssl
}
virtual server_ssl_test {
destination 10.1.1.117:443
profile http serverssl tcp
pool b68_https
vlan none enable
}
regards,
Christian Koenning