Forum Discussion

Javier_Somoza_3's avatar
Javier_Somoza_3
Icon for Nimbostratus rankNimbostratus
Nov 14, 2017
Solved

BIGIP cluster SSL problem

Hi all

 

BIGIPv13 2 node cluster environment.

 

A virtual server acting as reverse proxy working correctly in node 1. If I set the second node as active, cannot connect to the ssl sites this virtual server is publishing. It seems any SSL/certificate related problem (as seen in the browser).

 

But the configurations are "in sync" so how can the second node act different compared to the first one? How could I troubleshoot this?

 

Thanks all!

 

  • Javier,

     

    With the limited information you are giving you should do the following.

     

    Are all items 'green' on both appliances. In other words, are the health monitors OK and are the Nodes, Pool and VS OK? If the configuration is in sync, it does not mean everything is working on the other member also. There maybe a network issue for that member.

     

    Is there a firewall between the F5 appliances and the backend server? Are the rules configured correctly for both appliances?

     

    Try to test the connectivity from the command line. Can you ping? Are you learning MAC addresses?

     

    If all seems to be OK, you need to perform some troubleshooting with tcpdump and ssldump etc.

     

    Regards, Martijn

     

4 Replies

  • Javier,

     

    With the limited information you are giving you should do the following.

     

    Are all items 'green' on both appliances. In other words, are the health monitors OK and are the Nodes, Pool and VS OK? If the configuration is in sync, it does not mean everything is working on the other member also. There maybe a network issue for that member.

     

    Is there a firewall between the F5 appliances and the backend server? Are the rules configured correctly for both appliances?

     

    Try to test the connectivity from the command line. Can you ping? Are you learning MAC addresses?

     

    If all seems to be OK, you need to perform some troubleshooting with tcpdump and ssldump etc.

     

    Regards, Martijn

     

  • Javier,

     

    With the limited information you are giving you should do the following.

     

    Are all items 'green' on both appliances. In other words, are the health monitors OK and are the Nodes, Pool and VS OK? If the configuration is in sync, it does not mean everything is working on the other member also. There maybe a network issue for that member.

     

    Is there a firewall between the F5 appliances and the backend server? Are the rules configured correctly for both appliances?

     

    Try to test the connectivity from the command line. Can you ping? Are you learning MAC addresses?

     

    If all seems to be OK, you need to perform some troubleshooting with tcpdump and ssldump etc.

     

    Regards, Martijn