George_32239
Jan 18, 2013

LTM SSL Pass Through

Hello,

I have had a look around but to no avail.

I have an LTM running 11.2 HF1.

Users access a URL that goes via a Threat Management Gateway (MS), so they ask for the URL and then the TMG gives it to the F5 VIP, so we only ever see connections coming from the proxy.

I have a Perf layer 4 VIP listening on 443 and a pool containing 2 servers running SSL on port 8017.

If I have two members in the pool, I suspect that I am flicking between the two members, as I am seeing a cert error screen and then when I say OK go there, it just sits there.

If I take one member out of the pool it seems to be OK.

I have changed the VIP from Perf layer 4 to standard. I have not put any SSL profiles in; if I do that I don't even get to the cert error page.

So my question is: what exactly do I have to configure to allow a VIP to listen on 443 and then pass the request to the backend servers on 8017 without decrypting/encrypting etc., and to have a persistency that means when the request gets to a server it stays there?

Thanks,

George

1 Reply

  • Proxied connections and end to end SSL, not a great setup for persistence. You only have two options here; 1) source address persistence - this will work but only one server will get all the traffic, not ideal or 2) SSL persistence, this should work fine as long as you disable CMP for the virtual server.
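
The second option from the reply above, written out as a tmsh sketch. This is an added example, not part of the original thread: the object names (`pool_app_8017`, `vs_tmg_443`) and all IP addresses are placeholders, and it assumes a Standard virtual server with only a TCP profile, so TLS is passed through to the pool members untouched.

```tmsh
# Added example: names and addresses below are placeholders, not from the thread.

# Pool of the two back-end servers that terminate SSL themselves on 8017.
create ltm pool pool_app_8017 members add { 192.0.2.11:8017 192.0.2.12:8017 } monitor tcp

# Standard virtual server on 443 with a TCP profile only.
# No client-ssl or server-ssl profile is attached, so the BIG-IP never
# decrypts the traffic; default port translation maps 443 to 8017.
# "ssl" is the built-in SSL (session ID) persistence profile.
# cmp-enabled no turns off CMP for this virtual server, as the reply advises.
create ltm virtual vs_tmg_443 destination 192.0.2.10:443 ip-protocol tcp profiles add { tcp } pool pool_app_8017 persist replace-all-with { ssl } cmp-enabled no

# Confirm the persistence profile and CMP setting took effect.
list ltm virtual vs_tmg_443 persist cmp-enabled

# While testing through the proxy, check which member each session is pinned to.
show ltm persistence persist-records

# Option 1 from the reply, for comparison: source address persistence.
# With every client arriving from the TMG address, one member takes all traffic.
# modify ltm virtual vs_tmg_443 persist replace-all-with { source_addr }
```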