Forum Discussion

Olowndez
Nov 06, 2019

External F5 DNS and different Internal F5 LTM - SSL pass through does not work

Hello guys:

Please, I have a question about a deployment. I have an LTM v14.1.0.2 located in the DMZ which is load balancing some services. The LTM virtual servers are configured on ports like 80, 443, 22, 25 and so on. The external firewall is NATing the public IP segment to the private IP segment and delivers the incoming traffic to the LTM virtual servers, which perform load balancing. Everything works like a charm, but... I need to get rid of the external firewall and deploy an F5 DNS instead. This F5 DNS v14.1.0.5 must translate the public to the private IP segments and deliver the incoming traffic to the LTM VSs, which load balance the traffic to the servers.

I am facing a problem. I deployed SSL pass through virtual servers in the F5 DNS; in this case, the LTM VSs will become the nodes for the F5 DNS and they will perform SSL offload. In other words, for one HTTPS service, I have:

Internet <-> Wide IP <-> F5 DNS VS:443 <-> F5 LTM VS:443 <-> F5 LTM POOL_MEMBER:443 <-> SERVER

However, such SSL pass through does not work. I am getting errors in the SSL handshake. I just want to open the door for the HTTPS traffic in the F5 DNS and leave the F5 LTM working like always. I tested by not using any SSL profile in the F5 DNS virtual servers, but it did not work. I also tested by creating the same SSL profiles as the ones present in the LTM, but it did not work. I see that I am trying to perform SSL encryption/decryption three times in my deployment. I do not know if that is the source of all my frustrations. Any suggestion or comment is very welcome.

Thanks a lot

Omar

1 Reply

  • The method with no SSL profiles on the F5 DNS appliance should work.

    You say you see SSL errors; where do you see those? If you don't use SSL profiles on the DNS one, then those shouldn't occur.

    Are you sure there isn't an IP connection issue somewhere also?