From: Tim Maestas (lbIZZATdnsconsultants.com)
Date: Mon Nov 25 2002 - 01:44:23 EST
I would expect this to work fine for you, since the conversation on both
sides of the BigIP is in the clear. I would take some tcpdumps on the
BigIP to make sure the cookies are being set/returned properly.
As far as terminating SSL on the BigIP, this would work, but so should the
way you have it. Terminating on the BigIP gives you the advantage of
getting rid of your reverse proxy, if it's only there to do SSL.
-Tim
On Sun, 24 Nov 2002, David Santeramo wrote:
> persistance is the problem. The user would get to the
> app server but when the user requested another page
> the session would not be kept.
>
> Persistance will work if I use source IP but not work
> uusing cookie insert
>
> So what you are telling me is that I am having the
> problem because of the 443-80 SSL tranaction on the
> reverse proxy?
>
> Will I be able to use cookie persistance if I turn the
> BigIP into an SSL proxy?
>
> --- Tim Maestas <lbIZZATdnsconsultants.com> wrote:
> >
> > So wait, is it just persistence that is your
> > problem, or is it not working
> > at all when going through the reverse proxy? How
> > did you have persistence
> > configured originally, when it was not working?
> >
> > When using Siteminder with load balancers and the
> > port the webservers are
> > listening on is not the port originally requested by
> > the client, you need
> > to use the GETPORTSFROMHEADER and HTTPSPORT
> > paramaters in the
> > configuration file for your sm web agents (set
> > getportsfromheader to yes
> > and HTTPSPORT to 80 for your example). This ensures
> > that the redirects
> > that Siteminder sends back are correct.
> >
> > -Tim
> >
> >
> > On Sat, 23 Nov 2002, David Santeramo wrote:
> >
> > > I am having a strange problem with BigIP and SSO
> > > enabled applications. Essentially the flow is as
> > > follows:
> > >
> > > client ---443---LD---443---Reverse
> > > Proxy----80---BigIP----80----app server
> > >
> > > For some reason the apps are working fine when I
> > > access them directly but are losing session when I
> > > access via the reverse proxies. The reverse
> > proxies
> > > are doing the SSL transaction.
> > >
> > > I have had to step back to source IP persistance
> > but
> > > this is not as effective for Intranet apps.
> > >
> > > Any suggestions?
> > >
> > > __________________________________________________
> > > Do you Yahoo!?
> > > Yahoo! Mail Plus – Powerful. Affordable. Sign up
> > now.
> > > http://mailplus.yahoo.com
> > > ____________________
> > > The Load Balancing Mailing List
> > > Unsubscribe:
> > mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
> > > Archive: http://vegan.net/lb/archive
> > > LBDigest: http://lbdigest.com
> > > MRTG with SLB: http://vegan.net/MRTG
> > > Hosted by: http://www.tokkisystems.com
> > >
> >
> > ____________________
> > The Load Balancing Mailing List
> > Unsubscribe:
> > mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
> > Archive: http://vegan.net/lb/archive
> > LBDigest: http://lbdigest.com
> > MRTG with SLB: http://vegan.net/MRTG
> > Hosted by: http://www.tokkisystems.com
> >
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus – Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> ____________________
> The Load Balancing Mailing List
> Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
> Archive: http://vegan.net/lb/archive
> LBDigest: http://lbdigest.com
> MRTG with SLB: http://vegan.net/MRTG
> Hosted by: http://www.tokkisystems.com
>
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Mon Nov 25 2002 - 01:58:04 EST