SSLi integrate with VM

Which topology should I use to connect Hardware SSLi with a VM security device?

I tried single path L3 topology, still there's no traffic coming to the VM. How can I configure the SSLi-in to send decrypted traffic to a VM?

Comments

  • The topology should not matter much... you just need to ensure that the packet pathway must explicitly pass through the VM and does not have the ability to bypass it.

  • ce07 Member

    @dmckillip that's the question, how can the traffic reach the VM? Can we tell SSLi to forward decrypted traffic to the security device VM?

  • mdunn Member ✭✭

    Assuming a L3 topology with a L3 security device acting as a routed hop, ssli_in will need to be in the same vlan as the security device inside, and ssli_out will need to be in the same vlan as security device outside.

    On ssli_in, the service-group should contain a slb server for the security device inside interface. When ssli_in forwards decrypted traffic, the destination IP will be the same, but the destination MAC address will be the security device.

    The Security Device outside interface should have a default route pointing to ssli_out.

    If you can share a high level topology diagram of A10 + VM Security Device, that would be helpful.
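
A way to sanity-check the L3 layout described in the reply above before testing live traffic, as an added example that is not part of the original thread and is not A10 configuration. The interface names follow the reply; the dictionary layout, VLAN IDs, addresses and MAC are constructed placeholders.

```python
import ipaddress

# Constructed sample topology: VLAN IDs, addresses and MAC are placeholders,
# not values from the thread. Key names are assumptions made for this example.
TOPOLOGY = {
    "ssli_in": {"egress": {"vlan": 20, "ip": "10.0.20.1/24"},
                "service_group_members": ["10.0.20.2"]},
    "secdev": {"inside": {"vlan": 20, "ip": "10.0.20.2/24", "mac": "02:00:00:00:20:02"},
               "outside": {"vlan": 30, "ip": "10.0.30.2/24"},
               "default_route": "10.0.30.1"},
    "ssli_out": {"ingress": {"vlan": 30, "ip": "10.0.30.1/24"}},
}

def addr(iface):
    """Host address of an interface given as 'ip/prefix'."""
    return ipaddress.ip_interface(iface["ip"]).ip

def same_segment(a, b):
    """True if two interfaces share a VLAN and an IP subnet."""
    net = lambda i: ipaddress.ip_interface(i["ip"]).network
    return a["vlan"] == b["vlan"] and net(a) == net(b)

def check_topology(t):
    """List the conditions from the reply that this topology fails."""
    problems = []
    sd = t["secdev"]
    if not same_segment(t["ssli_in"]["egress"], sd["inside"]):
        problems.append("ssli_in is not in the security device inside vlan")
    if not same_segment(t["ssli_out"]["ingress"], sd["outside"]):
        problems.append("ssli_out is not in the security device outside vlan")
    members = {ipaddress.ip_address(m) for m in t["ssli_in"]["service_group_members"]}
    if addr(sd["inside"]) not in members:
        problems.append("ssli_in service-group lacks the security device inside interface")
    if ipaddress.ip_address(sd["default_route"]) != addr(t["ssli_out"]["ingress"]):
        problems.append("security device default route does not point to ssli_out")
    return problems

def frame_steered_to_secdev(frame, t):
    """Frame seen on the inside vlan: destination MAC is the security device,
    destination IP is unchanged (still the real server, not the device)."""
    inside = t["secdev"]["inside"]
    return (frame["dst_mac"].lower() == inside["mac"].lower()
            and ipaddress.ip_address(frame["dst_ip"]) != addr(inside))

if __name__ == "__main__":
    print(check_topology(TOPOLOGY) or "layout matches the described L3 topology")
    frame = {"dst_mac": "02:00:00:00:20:02", "dst_ip": "203.0.113.10"}  # constructed
    print(frame_steered_to_secdev(frame, TOPOLOGY))
```

An empty list from `check_topology` means all four conditions hold; `frame_steered_to_secdev` can be fed fields from a capture taken on the inside VLAN to confirm decrypted traffic is actually being handed to the security device.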

  • ce07 Member

    @mdunn thanks a lot for your reply.

    I have attached a topology diagram. Hope that helps.


  • mdunn Member ✭✭

    Hello - I added some placeholder labels to the links. As long as vlans / routes are correct, there should be no issue sending traffic through this environment.


  • ce07 Member

    Thank you @mdunn, let us try this out.
