I'd like to set up a virtual server which listens on non-ssl port but the pool members needs to be ssl.
Here's the flow,
F5 Virtual Server (80) -- Pool (443) and the response should be sent back to 80 to Virtual server.
How should I achieve this ? iRule or through SSL profiles ? enabling server ssl and client ssl to empty? will it do it ?
Did you configure HTTPS custom monitor(Send/Receive String) on pool and rest configuration will be same for HTTP VIP but don't forget to apply server side ssl profile.
FYI, For troubleshooting you can apply insecure-serverssl profile to HTTP VIP and check the connectivity and do the fine tuning.
Let us know if any question.
The answer is in the question!!!
If the virtual server have a serverssl profile without clientssl, it will have the expected behavior!
LTM operates always in a full-proxy mode, where the client side connection and server side connection is completely separated.
You can configure the client side connection on whatever port you need (via VS setting) and with or without SSL encryption (via Client-side SSL Profile settings) and combine it with a server side connections on whatever port you need (via Pool Members) with or without SSL encryption (via Server-side SSL Profile). Sky is just the limit in this case...
You will only need to deploy an iRule/LTM Policy if your scenario requires to selectively switch between Server-Side-SSL or Server-Side-Plaintext on the same VS.