Unless you were using the PerApp VE license and went over the 1 virtual IP and 3 virtual server limit, yes this works fine.
This is how many applications work when using a 443 application port and alternate port for management or other features such as API access.
Did you see any traffic hit the VIP when you used curl? Are you using a jump box within the AWS 10.0.1.44 network? If the traffic is getting to BIG-IP, a tcpdump may help you identify where the traffic is terminating. You should see a TCP handshake on 10.0.1.44:2323 and TLS negotiation. You should also see the same data for the BIG-IP to node, just without the TLS negotiation.
I had this exact config stood up last week in AWS in a VPC and it does work. I, however, use an AWS workspace to access the application VIP to keep everything self-contained.
Breaking the troubleshooting down in a similar fashion will help you isolate out the issue.
- If you can get to 10.0.1.44:443 from your source, then 2323 will work if open. You can verify this with tcpdump or VIP statistics.
- Verify the VIP is green, meaning your health monitor to your node is working and it's accessible to BIG-IP. You can verify this by logging into your BIG-IP and using curl from the CLI. Or even just a ping if ICMP is open within the sec group (all security groups include an all access for anything residing in that group).
- If your connection is resetting instead of timing out, check your routing to ensure the application server is routing back through BIG-IP or you planned for async routing (SNAT Pool within the VIP).
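The checklist above distinguishes a timeout, a reset, and a connection that completes TCP but not TLS. The following is an added example, not part of the original reply: a client-side probe that classifies each port that way. The function name `probe`, the outcome labels and the `NEXT_STEP` wording are assumptions of this example.

```python
import socket
import ssl

# Outcome -> what to check next. The mapping is this example's reading of the
# checklist above, not an F5 reference.
NEXT_STEP = {
    "timeout": "no answer: confirm traffic reaches the VIP (tcpdump, VIP statistics, security group)",
    "reset": "connection reset: confirm the port is open and the server routes back through BIG-IP (or SNAT)",
    "tcp_only": "TCP handshake completed, TLS negotiation did not",
    "tls_ok": "TCP handshake and TLS negotiation both completed",
}

def probe(host, port, timeout=3.0):
    """Try TCP, then TLS, against host:port and report where it stopped."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout"
    except (ConnectionRefusedError, ConnectionResetError):
        return "reset"
    # Reachability check only: certificate validation is off so a VIP that
    # presents an untrusted certificate still completes. Do not reuse this context.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls_ok"
    except ConnectionResetError:
        return "reset"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        return "tcp_only"
    finally:
        sock.close()

if __name__ == "__main__":
    # VIP address and ports are the ones discussed in the thread.
    for port in (443, 2323):
        result = probe("10.0.1.44", port)
        print(f"10.0.1.44:{port} -> {result}: {NEXT_STEP[result]}")
```

Run it from the same source host as the failing curl so the result reflects the same network path.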