Redirect multiple SSL traffic to the same external/internal address in Cisco PIX

Dec 3rd, 2009

Hi all,

I have an SSL certificate issue on my web server. I have a web server which has the external/internal IP 192.38.X.X/10.100.x.x. The IP address is translated as 1:1 in my PIX firewall. How is it possible to redirect multiple SSL traffic to my web server with a different port than 443? The reason to do this is that my web server is hosting more than one SharePoint site, and the server won't accept more than one certificate on port 443. Many thanks in advance.

Herbert Baerten Thu, 12/03/2009 - 23:51
User Badges: Cisco Employee

I'm not sure if I understand the question correctly... if you have 1:1 nat, then the users can connect to 192.38.X.X port 443 which gets translated to 10.100.x.x port 443, and they can connect to 192.38.X.X port 444 which gets translated to 10.100.x.x port 444, etc.

If you want all sites to be on port 443, then you'll need different ip addresses for each site.

static (dmz,outside) tcp 192.38.X.1 443 10.100.x.x 443

static (dmz,outside) tcp 192.38.X.2 443 10.100.x.x 444

static (dmz,outside) tcp 192.38.X.3 443 10.100.x.x 445


Using the same public ip and same port for all sites is not possible, since the only distinction is in the HTTP headers, which are invisible (encrypted) for the FW.
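The constraint in the answer above (each site needs its own public IP/port pair, because that pair is all the firewall can match on) can be checked mechanically. The following is an added example, not part of the original thread: a small lint that parses port-redirection `static` lines and reports any public endpoint claimed by more than one rule. The sample config, its 192.0.2.x and 10.100.0.10 addresses, and the function names are constructed for illustration; only the `static (real_if,mapped_if) tcp ...` form is handled.

```python
import re
from collections import defaultdict

# Constructed sample: three mappings in the style of the answer, plus a fourth
# line that reuses the first public IP and port (written with the port name).
SAMPLE_CONFIG = """\
static (dmz,outside) tcp 192.0.2.1 443 10.100.0.10 443 netmask 255.255.255.255
static (dmz,outside) tcp 192.0.2.2 443 10.100.0.10 444 netmask 255.255.255.255
static (dmz,outside) tcp 192.0.2.3 443 10.100.0.10 445 netmask 255.255.255.255
static (dmz,outside) tcp 192.0.2.1 https 10.100.0.10 446 netmask 255.255.255.255
"""

# Port names a config may show instead of numbers (small subset, extend as needed).
PORT_NAMES = {"https": "443", "www": "80"}

STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<mapped_ip>\S+)\s+(?P<mapped_port>\S+)\s+(?P<real_ip>\S+)\s+(?P<real_port>\S+)"
)

def parse_statics(config):
    """Return [(line_number, fields)] for every port-redirection static line."""
    rules = []
    for lineno, line in enumerate(config.splitlines(), 1):
        match = STATIC_RE.match(line.strip())
        if match:
            fields = match.groupdict()
            for key in ("mapped_port", "real_port"):
                fields[key] = PORT_NAMES.get(fields[key], fields[key])
            rules.append((lineno, fields))
    return rules

def find_conflicts(config):
    """Map each public (interface, proto, ip, port) used more than once to its line numbers."""
    seen = defaultdict(list)
    for lineno, r in parse_statics(config):
        seen[(r["mapped_if"], r["proto"], r["mapped_ip"], r["mapped_port"])].append(lineno)
    return {endpoint: lines for endpoint, lines in seen.items() if len(lines) > 1}

if __name__ == "__main__":
    for endpoint, lines in find_conflicts(SAMPLE_CONFIG).items():
        print("public endpoint", endpoint, "is claimed on lines", lines)
```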



