Forum Discussion

wmorancsn
Jan 09, 2014

snat and serverside ssl not working together

We deployed MS Exchange 2010 using the latest iApp template. Our environment now consists of a hybrid Exchange 2010/2007 environment. I had to make some changes to the default iRule that allowed us to use serverside SSL for connections where the URL was "/ews/mrsproxy.svc". Basically, at the top of the iRule we added

when HTTP_REQUEST {

    set DEBUG 0

    log local0. "The string before entering the switch is:  [HTTP::uri]"

    switch -glob -- [string tolower [HTTP::uri]] {
        "/ews/mrsproxy.svc" {
            # Exchange MRS Stuff.
            log local0. "[LB::server addr] oneserver443"
            # Re-encrypt to the back end for the MRS proxy only
            SSL::enable serverside
            pool oneserver443
            CACHE::disable
            return
        }
        # ... the remaining switch cases from the iApp iRule follow here ...
    }
}

This all works fine except that 2007 users cannot see free/busy information for 2010 users. The 2010 users can see free/busy for 2007. The servers for 2007 and 2010 are in the same /24, and we NAT the connections to 2007 but not 2010. Now, when I NAT the 2010 connection, it works if I remove the serverside SSL portion of the configuration. Unfortunately, the /ews/mrsproxy.svc portion is present so that we can perform migrations into the 2010 environment.

The "/ews_" part of the switch now looks like

"/ews_" {
    # Exchange Web Services.
    if { [HTTP::header exists "APM_session"] } {
        persist uie [HTTP::header "APM_session"] 7200
    } else {
        persist source_addr
    }
    snat automap
    pool exchangefreebusy_oa_pool3
    # SNAT only when the client and the selected server share a /24
    if { [IP::addr "[IP::client_addr]/24" equals "[LB::server addr]/24"] } {
        snat automap
    } else {
        snat none
    }
    CACHE::disable
    return
}

Right now the SNAT portion is commented out, but you can see that I tried to NAT only for addresses where the source server and the destination server were in the same /24. I also tried to NAT for all connections, but as long as the serverside SSL was configured it didn't work. When I say it didn't work, I am talking about getting the free/busy information. The source address of the packets was changing to that of the load balancer on the back end.

Any hints would be most welcome.
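As an added example (not the poster's iRule, and not the iApp's), the same routing with the subnet comparison moved into LB_SELECTED, where the chosen pool member is actually known; in HTTP_REQUEST, load balancing has not yet run, so [LB::server addr] has nothing to compare against. The pool names, the "/ews*" glob and the 10.0.0.0/24 subnet are assumptions.

```tcl
# Added example, not the poster's iRule. Pool names and the subnet are assumptions.
when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::uri]] {
        "/ews/mrsproxy.svc" {
            # Mailbox Replication Service proxy: re-encrypt to the 2010 CAS
            SSL::enable serverside
            pool oneserver443
            CACHE::disable
            return
        }
        "/ews*" {
            # Exchange Web Services (free/busy and the rest of EWS)
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist source_addr
            }
            pool exchangefreebusy_oa_pool3
            CACHE::disable
            return
        }
    }
}

when LB_SELECTED {
    # The pool member is known only after load balancing, so the SNAT
    # decision belongs here rather than in HTTP_REQUEST.
    # Assumption: the 2007 and 2010 servers both live in 10.0.0.0/24.
    if { [IP::addr [IP::client_addr] equals 10.0.0.0/24] &&
         [IP::addr [LB::server addr] equals 10.0.0.0/24] } {
        # server-to-server call inside the Exchange subnet: hide the source
        snat automap
    } else {
        snat none
    }
}
```

With DEBUG logging enabled, log [LB::server addr] from LB_SELECTED as well, so the log shows which member each free/busy request was actually sent to.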