Forum Discussion
Kevin_Johnson_2
Nimbostratus
NimbostratusUsing LTM as a reverse proxy
My environment is as follows:
I have a pair of 3600's in a DMZ and a pair of 6800s internally. I have OCS CWA webservers sitting behind the 6800s. The web servers have 2 https IIS Virtual servers, one for internal users on 443 and one for external users on port 90.
I need users to be able to connect to the external 3600 CWA VIP, and then hit the internal 6800s and go on to the CWA servers.
I have set up a VIP on the 3600. The virtual server has a service port of 443, it is also using clientssl and serverssl profiles. It is assigned a pool with one member, the internal CWA VIP on the 6800s on PORT 90. The internal virtual server is assigned a pool which contains the CWA web servers on PORT 90.
When I type in the external URL, it connects to the website, but takes a very long time. Then it finally brings up the login screen for CWA but no pictures or icons are visible. I can log in but everything is so slow it is unusable.
The issue stems from changing the 443 to port 90. If I leave out the external pair of F5s and just use the internal F5 to accept traffic on 443, and send it to pool members on 90, I get the same behavior. IF i connect on port 90 internally without changing it from 443 to 90, so https://cwa.domain.com:90, it works fine. Any ideas on what could be happening?
Thanks
2 Replies
hoolioCirrostratus
Hi Kevin,
I would guess the CWA application is referencing itself with port 90 in responses. Can you use a browser plugin like HttpFox for Firefox or Fiddler for IE to see exactly what the app is sending in responses? Look for the response just prior to the first request which fails.
Also, did you check the deployment guide for LTM and OCS? That might have some relevant info for setting this up.
http://www.f5.com/pdf/deployment-guides/f5-ocs-r2-dg.pdf
Aaron
savijhero_81809Kevin did you figure this out, I have this icon issue with OCS CWA also 2007r2
