Forum Discussion
hooleylist
Oct 01, 2008Cirrostratus
First, I'd suggest considering upgrading from 9.3.x to 9.4.5 with the latest hotfix (currently HF2). ASM and the architecture between TMM and ASM have both been completely revamped in 9.4.5. The security policy format and methodology have also changed significantly since 9.3.x. If you're just starting out with ASM you might want to use the new format.
That said, if you're having issues configuring an ASM-enabled VIP, try removing any HTTP classes you've added to the VIP. Start with a standard TCP VIP on port 443. To make the test simple, configure the pool members on port 443 and don't decrypt the client traffic or re-encrypt the server traffic with SSL profiles. Once you get that working, then you can start with the decryption and adding ASM to the VIP.
When you add ASM, you'll need to decrypt the client side traffic to parse it as HTTP and inspect it. So you'll need to add a client SSL profile and an HTTP profile. If you need to keep the server side traffic encrypted, add a server SSL profile. Get that working and then add an HTTP class with App Security enabled. Make sure the policy is in transparent mode to start with. Once you get the load balancing configuration set up, you can start building the policy.
If you have issues with the load balancing configuration reply here. If you have questions on the ASM portion of the configuration, you can post in the new ASM forum (Click here).
Aaron