Application Delivery (ADX)

Contributor
Posts: 39
Registered: ‎05-04-2009

Is it possible to use source-nat together with SSL termination (SSL offload)?


SSL traffic is not working anymore as soon as I enable source-nat globally. Normal HTTP traffic is working.

(running @ release <= 11.0)

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: Is it possible to use source-nat together with SSL termination (SSL offload)?

This is supported and it is working. Be careful with it - I have seen the following problem multiple times:

The SSL offload is done on a special "processing blade". This blade is independent from the other processor and it requires a dedicated IP address as source-nat-ip. All other traffic (like plain text HTTP traffic) does not require an additional IP. Please ensure you do have a source-nat-ip for SSL traffic configured. At the MASTER ServerIron:

server source-nat-ip <ip-address> <netmask> <gateway> port-range 2 for-ssl

At the BACKUP ServerIron:

server source-nat-ip <ip-address> <netmask> <gateway> port-range 1 for-ssl

This looks like server source-nat-ip 192.168.100.122 255.255.255.0 0.0.0.0 port-range 2 for-ssl or similar most of the time. Check if you do have an SSL source-nat-ip or not.

THX!
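One way to run the check suggested in the reply above against saved configuration text from both units. This is an added example, not part of the original posts and not Brocade tooling; the function names, the sample configs and the 192.168.100.121 address are constructed, and the expected port-range values are the ones given in the reply.

```python
import ipaddress
import re

# Syntax as given in the reply above:
#   server source-nat-ip <ip-address> <netmask> <gateway> port-range <n> [for-ssl]
LINE = re.compile(r"^\s*server\s+source-nat-ip\s+(\S+)\s+(\S+)\s+(\S+)"
                  r"\s+port-range\s+(\d+)(\s+for-ssl)?\s*$")
EXPECTED_RANGE = {"master": 2, "backup": 1}  # values from the reply above

def source_nat_ips(config_text):
    """Return one dict per 'server source-nat-ip' line in the config text."""
    entries = []
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, mask, gw, port_range, ssl = m.groups()
        # Both calls raise ValueError on a malformed address or netmask.
        ipaddress.ip_interface(f"{ip}/{mask}")
        ipaddress.ip_address(gw)
        entries.append({"ip": ip, "port_range": int(port_range),
                        "for_ssl": bool(ssl)})
    return entries

def check_pair(master_cfg, backup_cfg):
    """Return a list of findings; an empty list means both units pass."""
    findings = []
    for name, cfg in (("master", master_cfg), ("backup", backup_cfg)):
        ssl = [e for e in source_nat_ips(cfg) if e["for_ssl"]]
        if not ssl:
            findings.append(f"{name}: no 'for-ssl' source-nat-ip configured")
        elif any(e["port_range"] != EXPECTED_RANGE[name] for e in ssl):
            findings.append(
                f"{name}: for-ssl port-range is not {EXPECTED_RANGE[name]}")
    return findings

# Constructed sample configs (not taken from a real device).
MASTER = (
    "server source-nat-ip 192.168.100.121 255.255.255.0 0.0.0.0 port-range 2\n"
    "server source-nat-ip 192.168.100.122 255.255.255.0 0.0.0.0 port-range 2 for-ssl\n"
)
BACKUP_MISSING = (
    "server source-nat-ip 192.168.100.121 255.255.255.0 0.0.0.0 port-range 1\n"
)
BACKUP_OK = BACKUP_MISSING + (
    "server source-nat-ip 192.168.100.122 255.255.255.0 0.0.0.0 port-range 1 for-ssl\n"
)

if __name__ == "__main__":
    print(check_pair(MASTER, BACKUP_MISSING))
    print(check_pair(MASTER, BACKUP_OK))
```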
