How to Configure SSL Offloading with F5 – Step By Step Configuration

Platform: https://racks.uninets.com
Lab Name: F5 LTM
Task
On Bigip-1, create a virtual server, vs_https, with destination IP 172.16.100.2 at port no. 80, enable the http profile, select the default client SSL profile (clientssl), and verify the SSL offloading behavior.
Also, enable the server-side SSL profile (serverssl) on Bigip-1, so that the virtual server has both the client profile and the default server-side profile enabled.
On Bigip-1, create a self-signed custom certificate named cert_custom. Next, create a custom client SSL profile named custom client. Reference the custom certificate in this new profile and apply the profile to vs_https.
Configuration
Open the workstation, then open the browser. Access Bigip-1 over HTTPS at its management IP address.

After clicking on login, the home page will be displayed.

Create a new virtual server named vs_https and set it to listen on port no. 443.
Click on Virtual Servers, as shown below.
The page below will open as soon as you click on Virtual Servers. It displays the virtual server list.

Click on Create to create the new virtual server vs_https.
Once you click on Create, the next page will open:

In the Configuration section, select the http profile. Next, select clientssl (the default client SSL profile) from the list.

Scroll down and choose pool_http as the default pool, as shown below. Click on Finish.

Once you click on Finish, the virtual server vs_https will be shown in the list of created Virtual Servers.

Now, generate HTTPS traffic using your browser. Clear the history, cache, and cookies first.
You will receive an error message when you generate HTTPS traffic. This is because your browser does not trust the self-signed certificate. Click on Continue to proceed.

Once you click on Continue, the next page will open.

You can now verify the SSL offload behavior using the CLI, as shown below:
[[email protected]:Active:Standalone] config # tmsh
[email protected](bigip-1)(cfg-sync Standalone)(Active)(/Common)(tmos)# show sys connection

Do you really display all connections? (y/n).
Sys::Connections
172.16.100.115.50402 172.16.100.2.443 172.16.100.115.50402 172.16.11.4.80 tcp 80 (tmm: 0) none
172.16.100.115.50396 172.16.100.2.443 172.16.100.115.50396 172.16.11.4.80 tcp 87 (tmm: 0) none
Total records returned: 2
As you can see, the client side connection terminates on the virtual server at port number 443, while the server side connection to the pool member is in plain text at port number 80.
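The same check can be scripted. The following is an added example, not part of the original lab: it parses rows of the show sys connection output and labels each flow by comparing the virtual server port with the pool member port. The function names, the sample rows and the rule that port 443 means TLS are assumptions made for illustration.

```python
import re

# Constructed sample, modeled on the two connection rows shown in this lab.
SAMPLE = """\
172.16.100.115.50402 172.16.100.2.443 172.16.100.115.50402 172.16.11.4.80 tcp 80 (tmm: 0) none
172.16.100.115.50396 172.16.100.2.443 172.16.100.115.50396 172.16.11.4.80 tcp 87 (tmm: 0) none
"""

# Assumption: ports that carry TLS in this lab. A port number is only a hint;
# confirm the real state from the profiles attached to the virtual server.
TLS_PORTS = {443}
ENDPOINT = re.compile(r"^(?P<ip>.+)[.:](?P<port>\d+)$")

def split_endpoint(text):
    """Split 'ip.port' (as printed on this page) or 'ip:port' into (ip, port)."""
    m = ENDPOINT.match(text)
    if not m:
        raise ValueError(f"not an endpoint: {text!r}")
    return m.group("ip"), int(m.group("port"))

def classify(line):
    """Return (virtual_server, pool_member, mode) for one connection row."""
    fields = line.split()
    # Columns: client-side client, client-side server (the virtual server),
    # server-side client, server-side server (the pool member), protocol, ...
    vs_ip, vs_port = split_endpoint(fields[1])
    node_ip, node_port = split_endpoint(fields[3])
    front, back = vs_port in TLS_PORTS, node_port in TLS_PORTS
    if front and not back:
        mode = "offload"        # TLS ends on the BIG-IP, plain text to the pool
    elif front and back:
        mode = "re-encrypt"     # expected once a server SSL profile is added
    elif back:
        mode = "encrypt-only"   # plain-text client side, TLS to the pool
    else:
        mode = "plaintext"
    return (vs_ip, vs_port), (node_ip, node_port), mode

def audit(table):
    """Classify every data row, skipping headers, prompts and the total line."""
    rows = [l for l in table.splitlines() if len(l.split()) >= 5 and l[0].isdigit()]
    return [classify(l) for l in rows]

if __name__ == "__main__":
    for vs, node, mode in audit(SAMPLE):
        print(f"{vs[0]}:{vs[1]} -> {node[0]}:{node[1]}  {mode}")
```

Any flow reported as offload crosses the network between the BIG-IP and the pool member unencrypted, which is the segment the server-side SSL profile in the task is meant to cover.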
You can also use the CLI to verify the virtual server settings:
[email protected](bigip-1)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm virtual vs_https
ltm virtual vs_https {
    destination 172.16.100.2:https
    ip-protocol tcp
    mask 255.255.255.255
    pool pool_http
    profiles {
        clientssl {
            context clientside
        }
        tcp { }
    }
    source 0.0.0.0/0
    translate-address enabled
    translate-port enabled
    vs-index 49
}

We have now completed SSL offloading with the default SSL profile. Now you can configure the custom client profile.