irule for SSL termination and then pass to 2nd VIP

Question

Hi all, first post....
I'm after an iRule please -&gt;&nbsp;
I'd like to accept a https connection ( so the TLS will terminate ) on VIP1 but then get the connection to be passed over to VIP2.  I have done a straight -&gt;&nbsp;
when CLIENT_ACCEPTED {
    virtual VIP2
}&nbsp;
Which worked fine in our L3 networking world but not so good for the applications guys who need the TLS terminate to be done on VIP1 first.  
&nbsp;
From a networking ( IP to IP) background so need to learn for about Http and application states quickly :)&nbsp;
Thanks in advance. &nbsp;

leonardo_souza · Answer

You need to have a clientssl profile in the first virtual server.
Have the iRule to pass the traffic after to the second virtual server.
The second virtual server should not have clientssl or serverssl.&nbsp;
For the iRule:&nbsp;
https://devcentral.f5.com/wiki/irules.virtual.ashx&nbsp;
However, why you need 2 virtual servers?&nbsp;

simon_blakely · Answer

CLIENT_ACCEPTED is too early in the connection process to pass off to another virtual - the 3WHS has completed but not the SSL handshake.&nbsp;
CLIENTSSL_HANDSHAKE is too early, too.&nbsp;
Try putting the virtual command in the HTTP_REQUEST event.&nbsp;
Again, please explain what you are trying to achieve, as there may be a better way to get the required results.&nbsp;

Forum Discussion

irule for SSL termination and then pass to 2nd VIP

2 Replies

Recent Discussions

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Related Content

FTPS_SSL_ Termination

iRules Style Guide

Configure NGINX microgateway for MTLS termination and client certificate hash verification

SSL Termination

F5 BIG-IP as a Terminating Gateway for HashiCorp Consul