While working with a customer to publish their Lync Simple URLs through an F5 Big IP running v. 10.2.0, we were having some issues with getting the page to come up externally. DNS entries all seemed to be correct and pointing to the proper external IP addresses. We had verified the firewall rules were configured correctly to perform Port Address Translation from the Public IP on port 443 to the Internal/DMZ F5 VIP on port 4443, and we could see the traffic getting passed all the way through to the Front End server(s). Wireshark captures confirmed this as well.
From the F5 Lync Deployment Guide, found here, the virtual server was configured as follows:
NOTE: Under the Profiles column, the certificate used by the Big IP must be the same certificate installed on the client. Since this is externally facing, it should also be a Public Certificate from one of the approved CA vendors. (http://support.microsoft.com/kb/929395)
To ensure the SSL tunnel could be maintained back to the Front End(s), we had generated the CSR on one of the Front Ends for the External Web Services. We then exported it with the private key (and the root certificate chain separately) and installed it on all of the other Front Ends in the pool, as well as the F5 Big IP.
We kept comparing the settings and everything looked like it was configured correctly. However, we were missing one setting - the SSL Profile (Server) was set to None. Setting this to the profile with the correct certificate(s) installed got everything working again. Below are some screen captures of the final working settings that were applied to both the Virtual Server and the Pool.
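The missing setting described above can be caught by auditing the saved configuration instead of comparing screens by eye. This added example (not code from the original post or from F5) flags virtual servers that have a Client SSL profile but no Server SSL profile. The configuration text, its v10-style layout and every object name in it are constructed assumptions.

```python
import re
# Constructed sample in the style of a v10 bigip.conf (layout assumed, not from the post).
SAMPLE_CONF = """\
profile clientssl lync_ext_clientssl { defaults from clientssl }
profile serverssl lync_ext_serverssl { defaults from serverssl }
virtual vs_lync_before {
   profiles {
      lync_ext_clientssl { clientside }
      tcp {}
   }
}
virtual vs_lync_after {
   profiles {
      lync_ext_clientssl { clientside }
      lync_ext_serverssl { serverside }
      tcp {}
   }
}
"""

def top_level_blocks(conf):
    """Yield (header, body) for each top-level 'header { ... }' block."""
    depth, start, header = 0, 0, ""
    for i, ch in enumerate(conf):
        if ch == "{":
            if depth == 0:  # header is the text on this line before the brace
                header, start = conf[conf.rfind("\n", 0, i) + 1:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, conf[start:i]

def missing_server_ssl(conf):
    """Virtual servers that have a Client SSL profile but no Server SSL profile."""
    kinds = {"clientssl": {"clientssl"}, "serverssl": {"serverssl"}}  # built-in parents
    blocks = list(top_level_blocks(conf))
    for header, _ in blocks:  # pass 1: learn which profile names are SSL profiles
        w = header.split()
        if len(w) == 3 and w[0] == "profile" and w[1] in kinds:
            kinds[w[1]].add(w[2])
    flagged = []
    for header, body in blocks:  # pass 2: inspect each virtual's profiles block
        w = header.split()
        m = re.search(r"profiles\s*\{", body)
        if len(w) == 2 and w[0] == "virtual" and m:
            used = set(re.findall(r"^\s*(\S+)\s*\{", body[m.end():], re.M))
            if used & kinds["clientssl"] and not used & kinds["serverssl"]:
                flagged.append(w[1])
    return flagged
```

A flagged virtual server is only a fault when its pool members expect TLS, as the Front Ends on port 4443 do here; where the back end is meant to receive plain HTTP after SSL offload, the same finding is expected.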