KMA_50449
Jul 16, 2008

Reverse proxy SSL with LTM: https with bigip, then http

Hi,

We have an LTM with an SSL accelerator card, so it's time to use it!

What I am trying to do seems easy:

Request:

Client -> https -> Bigip with sslclient profile -> http -> webserver

Answer:

webserver -> http -> Bigip with sslclient profile -> https -> client

I want my LTM to handle all the SSL requests, decode them and send them as clear-text http requests to the web server.

To do that I've uploaded my own certificate and key and created an sslclient profile with this cert/key.

Then I've created a pool with the IP of my web server and port 80 (for http; I don't want my web server to encrypt or decrypt anything).

Last, I've created the Virtual Server, listening on port 443 with my sslclient profile as the SSL Profile (Client) option; Protocol Profile (Client) is TCP.

No SSL profile server is needed, and all other options of the VS are set to none or not checked.

I chose my previous pool in the Resources tab, with source_addr as the persistence profile.

Then I try to access my website through the VS IP; I have the certificate sent by the Bigip and then ... nothing: "The network link was interrupted while negotiating a connection. Please try again." in my Firefox browser.

I tried to tcpdump the requests, and none of them arrived at my web server from the Bigip when I tried to load the page, while the http health monitor works fine...

I've read many docs, all the forum, the wiki ... and cannot find where I failed.

I'm sure I've missed something, if someone could help me?

17 Replies