Forum Discussion

atoth's avatar
atoth
Icon for Cirrus rankCirrus
Nov 15, 2015

Some Redirect Fails for Multiple Identical VIPs

I've got about eleven vips with irules. They're all very similar, and all have the same redirect in them "/abc" that points to another vip, abc-443 on port 443. SSL offloading is enabled on abc-443 and it send traffic unencrypted to its pool servers on port 80. Even though the originating vips are all pretty much the same, some of them fail when they the url is accessed. They're prompted by ADS multiple times for username/password, and eventually return a 401 error. For other urls, the username/password they provide takes, and it brings them to the application. As we're testing these, the username/password we're using, AFAIK, is the same for all urls, so why would it take for some urls, and not others? I'm not a server guy, and the last time I even really even read up on ADS was at least a decade ago, so would anyone have any suggestions for troubleshooting the above issue. or have any insight as to what could be causing it?

 

2 Replies

  • Are the failing VIPs configured with a OneConnect profile? A mask of 0.0.0.0 could result in traffic being sent to a node without the necessary session data for authentication. A SNAT Pool might exhibit similar behavior if the nodes are unhappy about having source IP change (iRule in devcentral to fix).

     

  • No. I don't think any of them are using a OneConnect profile. We're not using a SNAT pool either on any of them, I don't think.