ltm virtual BigIP_443 {
    creation-time 2023-09-26:15:10:23
    destination <VS IP>:https
    ip-protocol tcp
    last-modified-time 2023-09-28:09:52:29
    mask 255.255.255.255
    persist {
        source_addr {
            default yes
        }
    }
    pool Nav_Pool_443
    profiles {
        LC-http { }
        LC-oneconnect { }
        LC-tcp-lan { }
        Modified_Wildcard {
            context clientside
        }
        Modified_serverssl {
            context serverside
        }
        analytics { }
        tcp-analytics { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        pool BigIP-Nav
        type snat
    }
    translate-address enabled
    translate-port enabled
    vs-index 3
}
The above was just a configuration I was playing around with, trying to get something like just SSL Passthrough to work. I think the end goal is SSL Bridging, because you get better traffic analysis and load balancing or something like that.
This is what the profile was before I started just trying stuff this AM.
ltm virtual BigIP-Nav_443 {
    creation-time 2023-09-26:15:10:23
    destination <VS IP>:https
    ip-protocol tcp
    last-modified-time 2023-09-28:11:01:52
    mask 255.255.255.255
    persist {
        source_addr {
            default yes
        }
    }
    pool Nav_Pool_443
    profiles {
        LC-http { }
        LC-oneconnect { }
        LC-tcp-lan { }
        Wildcard23-24 {
            context clientside
        }
        analytics { }
        tcp-analytics { }
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        pool BigIP-Nav
        type snat
    }
    translate-address enabled
    translate-port enabled
    vs-index 3
}
Here is the SSL profile
ltm profile client-ssl Wildcard23-24 {
    app-service none
    cert-key-chain {
        WildCard23-24_0 {
            cert WildCard23-24
            key WildCard23-24
            passphrase <encrypted>
        }
    }
    defaults-from clientssl
    inherit-ca-certkeychain true
    inherit-certkeychain false
    log-ssl-c3d-events debug
    log-ssl-client-authentication-events debug
    log-ssl-forward-proxy-events debug
    log-ssl-handshake-events debug
}
And here is the pool
ltm pool Nav_Pool_443 {
    load-balancing-mode predictive-member
    members {
        Nav01:https {
            address <IP>
            session monitor-enabled
            state up
        }
        Nav02:https {
            address <IP>
            session monitor-enabled
            state up
        }
    }
    monitor https
}
Thanks again!
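
An added example, not part of the original post and not F5 tooling: a small Python check that reads tmsh-style output like the listings above, reports which SSL handling each virtual server is set up for based on the `context clientside` / `context serverside` profiles attached to it, and flags a virtual server that decrypts on the client side only while its pool members listen on `https`. The mode labels, the `audit` function and the sample text are assumptions made for this illustration.

```python
# Constructed sample modelled on the post's second virtual server and its pool.
SAMPLE = """ltm virtual BigIP-Nav_443 {
pool Nav_Pool_443
profiles {
LC-http { }
Wildcard23-24 {
context clientside
}
}
source-address-translation {
pool BigIP-Nav
}
}
ltm pool Nav_Pool_443 {
members {
Nav01:https {
}
}
}
"""

# Conventional names for each combination of SSL profile contexts (assumed labels).
MODES = {(False, False): "passthrough", (True, False): "offload",
         (True, True): "bridging", (False, True): "server-side-only"}

def audit(text):
    """Return {virtual: (mode, tls_mismatch)}; walks braces, ignores indentation."""
    ctx, vpool, ports, stack = {}, {}, {}, []
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("{ }"):
            continue  # empty block such as 'LC-http { }'
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            if len(stack) == 3 and stack[0].startswith("ltm pool ") and stack[1] == "members":
                ports.setdefault(stack[0].split()[2], []).append(stack[2].rsplit(":", 1)[-1])
        elif line == "}":
            del stack[-1:]  # safe even if stray prose left the stack empty
        elif stack and stack[0].startswith("ltm virtual "):
            vs = stack[0].split()[2]
            if len(stack) == 1 and line.startswith("pool "):
                vpool[vs] = line.split()[1]  # depth 1 only, so the SNAT pool is skipped
            elif len(stack) == 3 and stack[1] == "profiles" and line.startswith("context "):
                ctx.setdefault(vs, set()).add(line.split()[1])
    result = {}
    for vs, pool in vpool.items():
        mode = MODES["clientside" in ctx.get(vs, ()), "serverside" in ctx.get(vs, ())]
        # Offload sends plaintext to the pool; members on https expect TLS.
        hit = any(p in ("https", "443") for p in ports.get(pool, []))
        result[vs] = (mode, mode == "offload" and hit)
    return result
```

Calling `audit()` on the full text of a saved `tmsh list ltm` dump works the same way, because lines outside a brace block are ignored.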