Mutual Authentication

Question

Hi All,&nbsp;
We have multiple VIPs in our environment where we have mutual authentication configured. At time we face issue where some of the cert at server side gets changed and we need to take tcpdump to figure out correct cert. But at time I have seen issue where we take wireshark and instead of seeing 'client hello' after 'ack' we just keep on seeing 'psh, ack'. Below is the command I use to take capture:&nbsp;
tcpdump -vnni 0.0 -s0 host 1.1.1.1 -w /var/tmp test.pcap&nbsp;
Is there anything I am missing? I am using f5 plugin as well.&nbsp;
Thanks.&nbsp;

kevin_stewart · Answer

Okay, let's clarify a few things. You say "cert at server side", which implies to me that you're sending the client cert all the way through, which also implies that you're not decrypting and re-encrypting at the F5. So if that's the case, what type of persistence do you have configured for the pool members?

Forum Discussion

Mutual Authentication

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

What is Mutual TLS (mTLS)?

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Selective mutual authentication by HTTP::Host

Doing mTLS Authentication per URL

Verifying Slack Requests with Mutual TLS