Forum Discussion

PraveenP's avatar
PraveenP
Icon for Nimbostratus rankNimbostratus
Jul 10, 2020

SSL passthrough

I need a help with SSL passthrough. We have a web server which is accessible over browse url https://x.x.x.x:1239, I added the node, created the pool (with Health Monitors: tcp, Allow SNAT: No and added the node with service port 1239), also created VIP with type: Performance (Layer 4), service port:443 and default pool (created earlier). Despite this, still i am not able to access the web server using the VIP. Is their something missing at configuration level or i have to approach differently to access that server by VIP?

application delivery
BIG-IP
LTM

4 Replies

Sort By
  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Jul 13, 2020

    What is the default gateway of application server? As you have kept SNAT as no, then application servers's gateway should be F5 otherwise it will create asymmetric routing issue. Or else enable SNAT if you do not want to keep F5 as gateway for backend servers.

     

    Also verify if your application is working using https://<application-Server-IP>:1239 ? At least application should be up and running on application server.

     

    Hope it helps!

    Mayur

  • PraveenP's avatar
    PraveenP
    Icon for Nimbostratus rankNimbostratus
    Jul 13, 2020

    Hi Mayur,

    thank you!

    default gateway of application server is F5 floating IP.

    yes we can able to access using its server IP with the url https://<application-server-ip>:1239.

    But its still not working using F5 VIP, any other options or configuration change do you suggest us

     

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Jul 14, 2020

     ,

     

    I hope, your virtual server is listening on port 1239 but not on 443. If post making these changes still it is inaccessible, please check if created Virtual Servers and attached pool are getting hits.

     

    Mayur

  • F5SJ_'s avatar
    F5SJ_
    Icon for Altocumulus rankAltocumulus
    Jul 14, 2020

    If it is Performance (Layer 4) VIP, don't use http profile. Use only fastL4 profile.