Hello,
I am trying to get an application working on CSM-S but so far without luck. What I am doing is the following:
1. On the CSM I create a vserver and serverfarm pointing to the SSL-PROXY:
serverfarm ITIMSSL
nat server
no nat client
real 10.10.10.253 local
inservice
vserver ITIMSSL
virtual 10.10.10.253 tcp https
serverfarm ITIMSSL
persistent rebalance
inservice
2. On the SSL Proxy I configured the following:
ssl-proxy service ITIM
virtual ipaddr 10.10.10.253 protocol tcp port 443 secondary
server ipaddr 10.10.10.254 protocol tcp port 9080
certificate rsa general-purpose trustpoint itim
inservice
My understanding is that with this config the traffic coming in on .253 port 443 should be sent to .254 port 9080.
3. On the CSM than I create vserver for real serverfarm:
natpool ITIM-PROD-NAT 10.10.10.254 10.10.10.254 netmask 255.255.255.0
probe ITIM http
request method get url /enrole
interval 15
retries 2
failed 30
open 2
port 9080
serverfarm ITIM-PROD
nat server
nat client ITIM-PROD-NAT
real name DDDEVA0059
inservice
real name DDDEVA0019
inservice
probe ITIM
vserver ITIM-PROD
virtual 10.10.10.254 tcp 9080
serverfarm ITIM-PROD
replicate csrp connection
persistent rebalance
inservice
With this config all real servers show as up. If I go directly to the vserver 10.10.10.254 it works but the SSL communication is not working. If I check my browser using HTTP watch it looks like I am being redirected to http://10.10.10.253:9080/enrole which obviously does not work. I expect that with this config the redirect should be http://10.10.10.254:9080/enrole which would work.
Thanks.