Nimbostratus
EmployeeDorum,
The issue is a bit hard to determine because you're showing both sides of the proxy. It's also a common misconception that you need a certificate in the server SSL profile. You might only need a certificate (and private key) there if you needed to perform some sort of mutual authentication to the backend server. In most cases, the default server SSL profile is sufficient for re-encryption to the backend server. It will silently ignore any certificate mismatch or trust issues.
So then the next step is to isolate the problem. You can do that by simply pointing the capture at one of the two VLANs. I'd start on the outside and use TCPDUMP and SSLDUMP. Example:
tcpdump -lnni [external VLAN] host [VIP IP] [and additional filters]
ssldump -AnNd -i [external VLAN] port 443 [and additional filters]
Given that this is a standard VIP, you should see the client SSL handshake happen before any server side SSL handshake, so if it stops at the ClientHello (and presumably someone issues a reset), then there's a good chance the problem is on the client side. Otherwise flip to the server side VLAN and capture again.