
Multiple reverse proxy with multiple ssl profile


I have this use case:


1 IP to NAT 80, 443 to the outside internet


2 domains:


- with cert profile (wildcard) and,


- with cert profile (wildcard) and,


1 F5 VPN server with domain use SSL cert profile same as (created by F5 wizard)




I want to implement it like this:


From the internet, when users need to access the VPN they go to and it uses cert profile


access, use cert profile


access, use cert profile




To achieve this purpose I did this:


Create VS1 80 to redirect all incoming traffic to HTTPS


On VS1 443 I configured no SSL profile and added an iRule:






  switch -glob [string tolower [HTTP::host]] {
      "*"     {virtual}
      "*"     {virtual}
      ""      {virtual vpn-F5-VS}








With the hope that this VS1 acts as a reverse proxy, forwarding traffic whose host contains "" to (VS2), "" to (VS3), and "" to the virtual server created by the F5 wizard.


On VS2 and VS3 I added an SSL profile + config to act as a reverse proxy to redirect traffic to the appropriate pool or virtual server. If I connect directly to VS2, VS3 or the VPN VS, everything works fine.


But if I connect through VS1 NOTHING WORKS; the browser says "Secure Connection Failed An error occurred during a connection to app1.dom1.comm. PR_CONNECT_RESET_ERROR" or "can't reach this page The connection was reset."


I tried to add an SSL profile to VS1 but it is still not working.

I checked /var/log/ltm and it says nothing.

Does anyone have an idea? Thank you





You need to configure all client SSL profiles for the related domains on the VS-1 443 virtual server. Once the proper SSL profiles are configured, the SSL handshake between the client and VS-1 will happen. If there is still a problem after the handshake, then you need to check whether your iRule is working or not. You can check the hits on the other VSs and see if there are hits.

NOTE - As you have multiple domains on the same VS, you need to configure all SSL profiles on VS-1 with SNI.

Hope it helps!