Forum Discussion
hooleylist
Nov 30, 2009Cirrostratus
Hi Randy,
It would be easier to configure the OCSP server(s) in a pool and then add logic to your OCSP auth iRule which checks [active_members $ocsp_server_pool] > 1 before trying the OCSP authentication. You could send an HTTP response or TCP reset back to the client if the pool was down.
If you do want to create a VIP, you could do it on a free loopback IP address like 127.0.0.100 and then configure this internal VIP address as the OCSP responder address.
Aaron