Forum Discussion
Kevin_Stewart
Sep 05, 2012Employee
Ahh. ProxySSL allows a client and back end server to communicate directly, exchanging keys, while the BIG-IP transparently negotiates the same keys. If your back end server is also SSL, this method won't work because a) the internal virtual server is essentially in the way, and b) I don't believe you can "stack" ProxySSL configs.
Unless you specifically have a requirement for end-to-end SSL, you should terminate the traffic on the external VIP and re-encrypt (if necessary) on the internal VIPs and skip ProxySSL.