These are the two modes of operation for Secure Socket Layer (SSL):
Standalone mode. Flows in the client-to-server direction can originate as either clear text or as encrypted data. All flows in the server-to-client direction originate as clear text. Depending on the source port, traffic may or may not be encrypted by the SSL module before being forwarded to the client.
One-armed configuration with Content Switching Module (CSM) module. When the SSL module is used with a CSM, the CSM treats the SSL module as a special real server. The CSM parses for traffic destined to the server farm's Versatile Interface Processor (VIP), port 443. The CSM forwards port 443 traffic to the SSL module without modifying the destination IP address. That is, it performs no server Network Address Translation (NAT).