
Redirect multiple SSL traffic to the same external/internal address in Cisco PIX

sfanayei
Level 1

Hi all,

I have an SSL certificate issue on my web server. However, I have a web server which has external/internal IP 192.38.X.X/10.100.x.x. The IP address is translated as 1:1 in my PIX firewall. How is it possible to redirect multiple SSL traffic to my web servers with a different port than 443? The reason to do this is that my web server is hosting more than one SharePoint site, and the server won't accept more than one certificate on port 443. Many thanks in advance.


Herbert Baerten
Cisco Employee

I'm not sure if I understand the question correctly... if you have 1:1 nat, then the users can connect to 192.38.X.X port 443 which gets translated to 10.100.x.x port 443, and they can connect to 192.38.X.X port 444 which gets translated to 10.100.x.x port 444, etc.

If you want all sites to be on port 443, then you'll need different ip addresses for each site.

static (dmz,outside) tcp 192.38.X.1 443 10.100.x.x 443

static (dmz,outside) tcp 192.38.X.2 443 10.100.x.x 444

static (dmz,outside) tcp 192.38.X.3 443 10.100.x.x 445

etc.

Using the same public ip and same port for all sites is not possible, since the only distinction is in the HTTP headers, which are invisible (encrypted) for the FW.

hth

Herbert
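
An added example, not part of the original thread: a small Python check for the constraint in the reply above, that one public IP and port can publish only one backend site. It assumes the `static (real_if,mapped_if) tcp|udp ...` port-redirection form; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

# Port-redirection form assumed here:
#   static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[\w-]+),(?P<mapped_if>[\w-]+)\)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<mapped_ip>\S+)\s+(?P<mapped_port>\S+)\s+(?P<real_ip>\S+)\s+(?P<real_port>\S+)"
)


def parse_statics(config):
    """Return one dict per port-redirection static line; other lines are ignored."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules


def find_conflicts(rules):
    """Map each public (interface, proto, ip, port) claimed by more than one
    backend to the sorted list of backends that collide on it."""
    public = defaultdict(set)
    for r in rules:
        pub = (r["mapped_if"], r["proto"], r["mapped_ip"], r["mapped_port"])
        real = (r["real_if"], r["proto"], r["real_ip"], r["real_port"])
        public[pub].add(real)
    return {k: sorted(v) for k, v in public.items() if len(v) > 1}


# Constructed sample config: the last two lines publish two different sites
# on the same public IP and port, which the firewall cannot tell apart.
SAMPLE = """\
static (dmz,outside) tcp 192.0.2.1 443 10.100.0.10 443
static (dmz,outside) tcp 192.0.2.2 443 10.100.0.10 444
static (dmz,outside) tcp 192.0.2.2 443 10.100.0.10 445
"""

if __name__ == "__main__":
    for pub, backends in find_conflicts(parse_statics(SAMPLE)).items():
        print("collision on", pub, "->", backends)
```

Ports are compared as written, so a named port and its numeric equivalent are treated as different values.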
