Port Forward 443 and SSL ?'s

[marley1]

On our LAN we have a SBS server and Level Platforms server and soon to be another Ticket Server all hosting an app runnin on 443. OWA, Service Center and Spiceworks Help Desk.

Each has it's own URL:
Remote.domain.com/owa
Sc.domain.com/owa
Support.domain.com

How can I forward Https to these servers? The one company said some Can port forward by URL another guy said you can forward to your internal dns

Any ideas?

Also if done wouldn't a wildcard ssl cover all these?

 

[gimp]

Also if done wouldn't a wildcard ssl cover all these?

yes.
we have a wildcard cert to support all our *.domain.com sites

 

[marley1]

Looks like I need to do IIS virtual hosts for the multiple port forwards. Still reading up the support tool uses IIS. The other tool uses something else not sure if this will work

 

[marley1]

This also called host header. Any input?

 

[marley1]

Anyone?

 

[-Dragon-]

Reverse proxy?

 

[Haven]

Are all these services on the same server?

If so, then you can just forward in your firewall everything going to IP x.x.x.x to y.y.y.y (x.x.x.x being the external address, y.y.y.y being the internal address). Then you let IIS handle it.

Named hosting can be done pretty easily. Right click on the website, click properties, on the Web Site properties page click Advanced, Click on edit, enter Host Header Value (www.somesite.net) click OK, OK, OK. or done.

And you are done.

If they are not all on the same server, then it gets more tricky. Which firewall do you have? If it doesn't do named hosting or Host Header, then you might have to do some proxying off another box.

 

[marley1]

They are not on same servers.

192.168.1.10 - SBS Box - OWA, RWW, etc
192.168.1.11 - Service Center Level Platforms
Soon to have Spice Works running but may be using totally different port

Level Platforms is on IIS.

We have the Cisco RV220W

I saw some other threads about doing it through teh DNS portion on the internal DNS server (SBS) but that doesn't seem to make sense.

 

[Jay_2]

Hom many IP do you get from your ISP?

 

[Nate7311]

Hom many IP do you get from your ISP?

This is where I'd take it next. No need to add complexity in your network when an additional IP would take care of the entire issue.

 

[SJConsultant]

You have two options:

Use a reverse proxy like Microsoft's ISA Server

1 to 1 Static mapping of external IPs to internal IPs

 

[marley1]

I have 5 external but then I need a router for each server and wouldn't be on same network right?

 

[Jay_2]

nope. But looking into this I am not sure if the Linksys erm I mean Cisco RV220W can use multiple external ips Look into 1 to 1 NAT

 

[marley1]

I can replace it but dot want a huge expense if not needed what do u recommend ?

 

[-Dragon-]

You can assign more than one IP to your gateway, and the gateway can then easily route all requests to IP A to server A, IP B to server B, etc... but then each IP has to be associated with a different public domain name/subdomain, so www.domain.com would resolve to IP A and get rerouted to server A to say support, mail.domain.com would resolve to IP B and route to your mail server, and sc.domain.com would have IP C and route to your service center, this would be considered "easy mode" as far as setup complexity. But if you wanted to have domain.com/owa go to mail then domain.com/sc go to service center and domain.com/support go to your support server then you'd have to do the reverse proxy thing, which depending on your setup may involve quite a bit more configuration, possibly a new firewall/reverse proxy server.

 

[Jay_2]

I would test the One to One NAT on the router first.

 

[SJConsultant]

According to Cisco's website the RV220W supports one to one nat.