Beruflich Dokumente
Kultur Dokumente
Request:
Client Request -> Lab_1_VS -> Lab_1_Pool -> Pool Member
Response:
Pool Member -> LTM Self IP -> Client
The goal of this lab is for the student to attempt a connection to the virtual server and
troubleshoot the issue that occurs. A guide is included below to provide a rough process
to finding and fixing the problem.
1. What is the status of the LTM object related to this traffic flow?
a. Are all objects showing ‘Available’?
b. Are any ‘Unknown’ statuses explained?
2. Is the full bi-directional traffic flow understood? Is the configuration of the
device consistent with this flow?
a. Make a flow diagram with expected IPs included
3. What type of issue is occurring? What protocol layer is producing the error?
a. Enable RST logging and ‘tail –f /var/log/ltm’. What do you see?
4. What does the connection table show?
a. TMSH: “show /sys conn ?”
5. Perform a network capture
a. What interface should you capture on?
b. What are you looking for?
c. Remember, the traffic flow should be represented in the capture. Are all
the expected flows present?
1
Lab 2 – SSL Troubleshooting
In this lab we will perform a capture on the Lab_2_VS virtual server. This virtual server
is configured as a port 443 service offloading SSL traffic and sends request to
Lab_2_Pool (configured identically to Lab_1_Pool).
1. Open the Virtual Server in a web browser. Accept any certificate errors that are
presented until the diagnostic page is shown
2. Start a tcpdump and write the packets to a file in the /var/tmp directory
3. While holding down ‘Shift’ refresh the page in the browser twice
4. Stop the tcpdump
5. Use the ssldump utility to decrypt the capture
6. Examine the output from ssldump
a. Can you see the different phases of the SSL handshake?
b. Did the ssldump decrypt the data properly?
7. Export the capture file from your device and open it in WireShark. Examine the
data that WireShark present and identify the SSL handshake components.
2