Load Balancer L7 VIP is configured for End-to-End SSL but Server-Side SSL is turned off.
For URLs routed through the Load Balancer, the Virtual IP (VIP) fails to load the webpage, likely resulting in a connection timeout or error.
VMware NSX
The Load Balancer VIP is intended to function with an End-to-End SSL architecture. However, the configuration is incomplete:
Client-Side SSL is currently configured (handling encryption between the client and the Load Balancer).
Server-Side SSL is currently disabled (handling encryption between the Load Balancer and the backend server).
In an End-to-End SSL setup, the Load Balancer decrypts the traffic from the client and must re-encrypt it before sending it to the backend servers. Because Server-Side SSL is turned off, the handshake with the backend servers fails.
To resolve this issue, you must enable and configure Server-Side SSL on the Virtual Server to ensure traffic is re-encrypted before reaching the backend.
Steps:
1. Log in to the NSX Manager or Load Balancer administration console.
2. Navigate to Load Balancer > Virtual Servers > L7 HTTP/HTTPS.
3. Select the problematic VIP.
4. Edit the SSL Configuration.
5. Enable both Client-Side and Server-Side SSL.
6. Select the appropriate Client Certificate or Server SSL Profile required for the backend communication.
7. Save and apply the configuration.
Verification: Attempt to access the internal URL again to confirm the webpage loads successfully.
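Added example (not part of the original article and not Broadcom code): a Python check that sends a pool member the same kind of unencrypted HTTP request it receives while Server-Side SSL is off, and classifies the reply to show whether the member expects TLS. The function names, the host name pool-member.example, the sample replies and the matching rules are assumptions made for illustration; the classification is a heuristic.

```python
import socket

# The kind of unencrypted request a pool member receives while Server-Side SSL is off.
PLAINTEXT_REQUEST = b"GET / HTTP/1.0\r\nHost: pool-member.example\r\n\r\n"

# Constructed sample replies (not captured from a real system).
SAMPLE_REPLIES = {
    "tls alert": bytes.fromhex("15030300020246"),  # fatal alert, protocol_version
    "400 on tls port": b"HTTP/1.1 400 Bad Request\r\n\r\nThe plain HTTP request was sent to HTTPS port",
    "plain backend": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
    "closed": b"",
}


def classify_reply(data: bytes) -> str:
    """Classify a pool member's reply to a plaintext HTTP request (heuristic)."""
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls-required"      # a TLS alert or handshake record came back
    if data.startswith(b"HTTP/"):
        parts = data.split(b"\r\n", 1)[0].split(b" ")
        status = parts[1] if len(parts) > 1 else b""
        if status == b"400" and (b"https" in data.lower() or b"ssl" in data.lower()):
            return "tls-required"  # web server rejecting plain HTTP on its TLS port
        return "plaintext-ok"      # member answers unencrypted HTTP
    return "inconclusive"          # empty or unrecognised reply


def probe_pool_member(host: str, port: int, timeout: float = 3.0) -> str:
    """Send the plaintext request to one pool member and classify what returns."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PLAINTEXT_REQUEST)
            while len(data) < 4096:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
    except (ConnectionResetError, socket.timeout):
        pass  # keep whatever arrived before the reset or timeout
    return classify_reply(data)


if __name__ == "__main__":
    for name, reply in SAMPLE_REPLIES.items():
        print(f"{name:16} -> {classify_reply(reply)}")
```

A result of tls-required for a pool member means the Virtual Server needs Server-Side SSL enabled as described in the steps above; plaintext-ok means that member accepts unencrypted traffic on that port.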
Reference: For further details on configuring SSL transport rules, please refer to the Broadcom documentation: Configure Transport Phase Load Balancer Rules (VMware NSX 4.2)