Gary_Meehan_315
May 14, 2012

Big-IP LTM Re-encryption

Hi all,

I'm using the virtual edition of Big-IP 10.1 under a trial license, which I'm using to load balance traffic to a web server (a single instance of IIS in my test case).

In my virtual server, I can specify a client SSL profile, so that the Big-IP server receives HTTPS traffic, decrypts it and sends HTTP traffic to the web server, working fine. I can also specify a server SSL profile, so the Big-IP server receives HTTP traffic and sends HTTPS traffic to my web server, working. However, when I set both client and server SSL profiles, I never get a response to my requests.

I want the Big-IP server to decrypt incoming traffic, add a cookie for persistence profiling, and re-encrypt the traffic before sending it on to the web server. I can see the request coming into the web server but no response is ever seen at the browser.

I was wondering if anybody had any ideas on how I can get this working. I have self-signed certificates on both the Big-IP server and the web server if that makes any difference.

Thanks,

Gary

11 Replies

  • You're right, Lloyd. Turns out it's the trial edition that's the cause of all my woes. Quoting from the release note to which you linked: "When you assign both a ClientSSL and a ServerSSL profile to the same virtual server, the BIG-IP system forwards the client request successfully, but the client does not receive the response." The solution, if I'm going to persist with the trial edition, is to use two virtual servers and have one do the decryption and the other the encryption.

    Thanks all,

    Gary