Using SSL offload and passing traffic through to internal webserver

hi out there

 

I have defined a vs - solely LTM (bigip 11.3) where I make use of SSL offload in the F5 and passing the http traffic through to a internal webserver. The intention was that we in phase one of this project get the frame for it up and run - the F5 should only take care of SSL offload and passing the traffic on to the internal server. But - The authentication fails - I have enabled basic authentication on the webserver (IIS7.5) and it replies nicely with a 401 which the first time is passed through to client on the outside of the F5. Afterwards it fails and I cannot really find out why. I have been using the standard http profiles etc - as much as possibly right out of the box. Eg.: my problem here is that the first time the client access the internal webserver the authentication runs correctly - but afterwards it is as if the authentication fails - the webserver writes 401 in the logfile.. Since it is SSL encrypted on the client side it is a bit hard to investigate in even thoguh I can see what we think we sends by dumping it out with tcpdump and decrypt with ssldump - but I am still not sure what is going wrong. Are there some common pitfalls here when we do a protocol-transition?

 

best regards /ti