Forum Discussion

W__Tout_99150
Jun 27, 2008

SSL encryption on outgoing requests

We have multiple 3rd parties to which we connect over https. We're considering moving the SSL encryption from our application to the load balancer to reduce the load on the application. Is it feasible?

If it is, how is the required certificate(s) going to be included in the requests and where should it/they be located on the load balancer?

3 Replies

  • Hi,

    You could create an HTTP VIP defined with the IP:port of the external server. Disable address translation and add a server SSL profile to the VIP. You could enable the VIP only on the VLAN that your client host is connected on. The host would connect to the VIP via HTTP. The BIG-IP would proxy a serverside connection via HTTPS.

    Aaron
  • Thanks for the response Aaron but I honestly don't quite see how to do what you suggested. I'd appreciate it if you could provide an example.
  • Sorry, I didn't see your last post.

    If you can use an internal IP address you'd configure a pool with the public IP address and port you want to connect to. Then create a VIP using the internal IP address on port 80. Add a server SSL profile to the VIP and it should work.

    You could also configure the VIP using the actual public IP of the external server. You'd need to disable ARP on the virtual address and ensure there is a route on the client to the public IP through LTM. Here is a sample config using Gmail as a public HTTPS site:

     
     pool gmail_https_pool { 
        member 64.233.171.83:https 
     } 
     virtual address 64.233.171.83 { 
        arp disable 
     } 
     virtual gmail_https_vs { 
        destination 64.233.171.83:http 
        snat automap 
        ip protocol tcp 
        profile serverssl tcp 
        pool gmail_https_pool 
     } 
     

    Aaron
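
An added example, not part of the thread and not F5 code: a small Python audit that parses stanzas in the style of the sample config above and reports three conditions the replies imply, namely a pool on an HTTPS port with no `serverssl` profile, a cleartext HTTP hop between the application and the VIP, and a VIP that reuses the remote server's IP without `arp disable`. The `broken_vs` virtual, its address 192.0.2.10 and the finding names are constructed for illustration, and the parser assumes flat stanzas with no nested braces.

```python
import re
# Constructed sample: the post's stanzas plus a deliberately broken virtual.
SAMPLE = """\
pool gmail_https_pool {
   member 64.233.171.83:https
}
virtual address 64.233.171.83 {
   arp disable
}
virtual gmail_https_vs {
   destination 64.233.171.83:http
   snat automap
   ip protocol tcp
   profile serverssl tcp
   pool gmail_https_pool
}
virtual broken_vs {
   destination 192.0.2.10:http
   profile tcp
   pool gmail_https_pool
}
"""

# Assumption: flat stanzas, every virtual has a destination and a pool line.
STANZA = re.compile(
    r"^[ \t]*(pool|virtual address|virtual)[ \t]+(\S+)[ \t]*\{(.*?)^[ \t]*\}", re.M | re.S)

def parse(conf):
    """Map (kind, name) -> whitespace-split lines of the stanza body."""
    return {(k, n): [l.split() for l in body.splitlines() if l.strip()]
            for k, n, body in STANZA.findall(conf)}

def audit(conf):
    """Return (virtual, finding) pairs, in config order."""
    objs, out = parse(conf), []
    for name, lines in ((n, l) for (k, n), l in objs.items() if k == "virtual"):
        attrs = {l[0]: l[1:] for l in lines}
        addr, port = attrs["destination"][0].rsplit(":", 1)
        members = [l[1].rsplit(":", 1) for l in objs.get(("pool", attrs["pool"][0]), [])
                   if l[0] == "member"]
        tls_out = "serverssl" in attrs.get("profile", [])
        if any(p in ("https", "443") for _, p in members) and not tls_out:
            out.append((name, "no-serverssl-to-tls-port"))  # cleartext sent to a TLS port
        if tls_out and port in ("http", "80"):
            out.append((name, "cleartext-client-leg"))      # app-to-VIP hop is unencrypted
        arp_off = ["arp", "disable"] in objs.get(("virtual address", addr), [])
        if any(a == addr for a, _ in members) and not arp_off:
            out.append((name, "arp-not-disabled"))          # VIP reuses the remote server's IP
    return out
```

A `cleartext-client-leg` result is inherent to this offload design rather than a misconfiguration; it marks the hop that the VLAN restriction suggested in the first reply is meant to confine.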