05-27-2009 10:30 AM
This is not possible - I am sorry. The reason for this is the following: DSR (direct server return) implies that the real servers are able to reply to the client bypassing the load balancer (ServerIron/ADX). The problem with SSL offload and DSR is the fact that the load balancer is the endpoint of the SSL communication. The client is establishing an SSL connection to the virtual server sitting at the ServerIron. The ServerIron itself is going to send the stuff as plain-text traffic to the real server.
The real server itself does not know anything about encryption/SSL and it is going to reply to the client directly, bypassing the ServerIron. What happens is that the client gets plain-text traffic back from the real server. This traffic does not fit the stuff the client is expecting and the session will break. This is the simple explanation. It is a bit more complex because the backend connection would not even come up due to the strange communication flow.
All in all: SSL termination together with DSR for the real server behind the SSL service is not possible.
ATTENTION: This requires SSL offload - ensure you are using at least ADX OS >= 12.1.
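The mismatch described in the post above, shown as an added example that is not part of the original post and is not Brocade code: a minimal version of the TLS record-header check a client's record layer applies to incoming bytes, run over a constructed record as it would arrive via the load balancer and a constructed plain-text reply as a real server would send it under DSR. The sample byte strings and function names are assumptions made for illustration.

```python
import struct

# TLS record content types a client will accept at the record layer.
TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLS 1.2 ciphertext record


def parse_record_header(data: bytes):
    """Parse the 5-byte TLS record header; raise ValueError if it is not one."""
    if len(data) < 5:
        raise ValueError("short read: record header needs 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in TLS_CONTENT_TYPES:
        raise ValueError(f"unknown content type 0x{ctype:02x}")
    if major != 3 or minor > 4:
        raise ValueError(f"bad record version {major}.{minor}")
    if length > MAX_RECORD_LEN:
        raise ValueError(f"record length {length} exceeds maximum")
    return TLS_CONTENT_TYPES[ctype], length


def client_accepts(data: bytes) -> bool:
    """True if the bytes start with a well-formed TLS record header."""
    try:
        parse_record_header(data)
        return True
    except ValueError:
        return False


# Constructed sample: an application_data record (TLS 1.2 record version)
# with 32 placeholder payload bytes, as the SSL endpoint would send it.
VIA_LOAD_BALANCER = bytes([23, 3, 3]) + struct.pack("!H", 32) + bytes(32)

# Constructed sample: what a real server that knows nothing about SSL
# sends straight to the client when the return path bypasses the SSL endpoint.
DSR_REPLY = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"

if __name__ == "__main__":
    for name, blob in (("via load balancer", VIA_LOAD_BALANCER),
                       ("direct server return", DSR_REPLY)):
        print(f"{name}: client accepts = {client_accepts(blob)}")
```

This covers only the simple explanation from the post; it does not model the backend connection failing to come up.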