NimbostratusDear all, in my solution big-ip deploy with one-arm connectivity when I create iApp template to loadbalance the connection server, it doesn't working, (my solution I will offload ssl between big-ip and connection server)
best regards,
CirrostratusCan you provide some more detail on precisely what isn't working please?
NimbostratusSo when I configured both of virtual with http and https, F5 can loadbalance to the connection server but on the client browser doesn't connect to (it shold page couldn't displsy)
CirrostratusSo did the iApp create them for you or did that not work? Do you get the same issue with both Virtual Servers? Do you get served a certificate with the SSL one?
Nimbostratusyes I did iApp to create for both http and https. so the issue for http ("page couldn't display") for https ("show page ssl to allow certificate to access and then couldn't anything change or working"). for the certificate I used self cert on F5 for https connection from client access.
CirrostratusOK, so you're definitely getting to the F5 if you get the SSL certificate served. This suggests you have an issue with routing back to the client from the real servers. Can you check and describe how the servers route back to the client VIA THE F5 please?
NimbostratusFor routing back on the client and F5 have default gateway to the same core switch and my virtual server policy have the Auto Map both of http and https, I think it should work right?
CirrostratusOK, so you mean SNAT Automap right? If so, I'd hope routing is not an issue. In the first instance, I'd do a traceroute from the server to the F5 address that'll be used by Automap and make sure things are routing as expected.
Are you able to successfully connect to your connection servers via http without going through BIGIP?
NimbostratusBeneath Now I can loadbalanced VMview, for the issue is when I would like to do SSL offload, on the Connection server need to change some configuration to be used http instead https. (follow by F5 VMview deployment guide) but It not work when I tried to direct connect to the connection server by http, it default redirect to https. So I turn back to loadbalance with default the connection server configuration (with https) and it ok.
Thank you for your suggestion. Then I have new one issue, so I need to do trust certificate on client and server side that mean I need to create certificate request for VIP to do client certificate and add certificate for the connection server (2 servers) for server right? and how can I add 2 certicate of connection server for 1 server certificate profile?
sorry to response late.
For Greg I cannot access the connection server via http, because it always redirect to https.
The view deployment guide has a section that discusses locked.property files and setting the connection servers to use http connections if you are still having issues connection to the View servers using ssl offload. You have to use the same ssl server certificate on all 3 devices (2 connection servers and the BIGIP). Even though you are setting the BIGIP up for ssl offload, you still have to have the same certificate on all 3 devices because the connection servers use the cert during the ticketing process. The View iApp will place your certificate in the approprate places on the BIGIP, all you need to do upload your certificate to the BIGIP prior to running the iApp.
