Forum Discussion

Jim_Couch_16225's avatar
Jim_Couch_16225
Icon for Nimbostratus rankNimbostratus
Dec 04, 2014

HTTPS > 50000 port translation with SSL termination

I am configuring a VIP that listens on 443 and has port translation enabled. The VIP points to a pool with one server that listens on port 50000. When I type the address https://myurl.company.com/ the URL changes to myurl.company.com/index.jsp, so I believe its getting to the server but I get a webpage is not available. If I use a hostfile and point directly at the server, myurl.company.com:50000, then I get to the website and everything looks good.

 

Also, using CURL, when I try "curl -k https://myurl.company.com" I get no response.

 

Using Wireshark, I see the SSL handshake but then afterwards, I get a lot of resets from the VIPs ip.

 

Jim

 

4 Replies

  • What if you configure the VS port as 50000, does it work? If initial request to https://myurl.company.com/ is getting to the server and being redirected, you should be able to see that in the tcpdump. Or you can use something like HTTPWatch to record http transactions on the browser to verify. That might be useful for comparing the transactions between going directly to the server vs. through the BIG-IP as well.

     

  • I dont think I can configure the VS as 50000 since the initial connect is over 443. I'm new to all this so, I could easily be wrong. I'll look into HTTPWatch. I havent used that yet.

     

    Jim

     

  • Using HTTPWatch it appears that its doing a redirect, but what I am actually trying to accomplish is a 443 connection to the BIG IP appliance terminated, and a 50000 connection to the server. Am I doing it incorrectly?

     

  • It should be pretty straightforward, and from the sounds of it, your config should be find. VS on 443 and with Pool members on 50000 and Port Translation enabled. I wonder if your server is redirecting with port number attached, " If you do a tcpdump on VS for port 50000, you would see that, or the redirect may also show the port number.