Hi all,
I want to send all request and response traffic for an HTTPS VIP to a clone pool.
Do I need to have 2 VIPs: one VIP with only client SSL, sending client-side decrypted traffic to the clone pool,
and a second with server-side SSL that sends server-side traffic to the clone pool?
Any help or suggestions will be appreciated.
Hi, please help me to understand your requirement properly.
Do you mean that, for some of the traffic on the VIP listening on 443, you want plain traffic for the server-side connection, and for the rest of the traffic on the same destination IP/VIP, the server-side connection should be encrypted? Kindly confirm whether my understanding is correct.
NOTE - If your destination VIP IP and port are the same, you can create a single VIP only. You won't be able to create another VIP with the same IP and port. So if your use case is the same as what I described in the first question, then you can achieve it using a single VIP only. The requirement can be fulfilled by having traffic-matching conditions using an LTM policy or iRule.
This is the question:
If I have client-side SSL and server-side SSL on a VIP, I get encrypted traffic and send encrypted traffic to the pool.
If I want to use a clone pool for auditing,
will the traffic sent to the client clone pool and server clone pool be encrypted or non-encrypted?
If there is a server SSL profile (server-side SSL) configured on a VIP, it will always have a secure or encrypted connection between the F5 and the backend server for all the pools behind it. If you want to bypass server SSL (server-side SSL) for any specific pool, then you can do it using an LTM policy or iRule.