Forum Discussion

W__Tout_99150's avatar
W__Tout_99150
Icon for Nimbostratus rankNimbostratus
Jun 27, 2008

SSL encryption on outgoing requests

We have multiple 3rd parties to which we connect over https. We're considering moving the SSL encryption from our application to the load balancer to reduce the load on the application. Is it feasible...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Jul 07, 2008
Sorry, I didn't see your last post.

If you can use an internal IP address you'd configure a pool with the pubic IP address and port you want to connect to. Then create a VIP using the internal IP address on port 80. Add a server SSL profile to the VIP and it should work.

You could also configure the VIP using the actual public IP of the external server. You'd need to disable ARP on the virtual address and ensure there is a route on the client to the public IP through LTM. Here is a sample config using Gmail as a public HTTPS site: 

 
 pool gmail_https_pool { 
    member 64.233.171.83:https 
 } 
 virtual address 64.233.171.83 { 
    arp disable 
 } 
 virtual gmail_https_vs { 
    destination 64.233.171.83:http 
    snat automap 
    ip protocol tcp 
    profile serverssl tcp 
    pool gmail_https_pool 
 }

Aaron