New Member

WRVS4400N and Multiple Web Servers

Hi all,

Sorry for what is likely a dumb question but I have multiple servers running web apps, all secured by SSL, that are behind the 4400N I purchased (intending to use it to replace my ISA 2006 box). Is there any way I can set up the 4400N so that incoming traffic on 443 gets directed to the correct web server on my internal network? I'm thinking the answer is no but thought I'd ask.

Thanks!

3 REPLIES
New Member

Re: WRVS4400N and Multiple Web Servers

How do you know which is the correct web server?

New Member

Re: WRVS4400N and Multiple Web Servers

Well I guess the device wouldn't know the correct web server, which was kind of the point of my question. ISA 2006 allows me to publish multiple servers using the same port and then redirect as appropriate, for example:

External FQDN of mail.example.com on 443 => Internal FQDN of serverA.domain.com on 443

External FQDN of web.example.com on 443 => Internal FQDN of serverB.domain.com on 443

and so on...

My question was can I replicate this behaviour with the 4400N device and like I said, I think the answer is no. If that's the case then I'll likely just stick a Unified Access Gateway box behind the 4400N and use it to publish my various servers, though I'd prefer not to.

New Member

Re: WRVS4400N and Multiple Web Servers

No. You cannot do that with the WRVS4400N. You can only forward port 443 on your public IP address exactly once, i.e. to a single LAN IP address. The router does not know which FQDN you have used to access port 443 on the public IP address. That's a general problem of HTTPS as it wraps HTTP inside of an encrypted SSL tunnel. The host name accessed is part of HTTP, i.e. it's inside the SSL tunnel. If the router had to redirect the traffic to different servers it would have to operate as an SSL endpoint to learn the host name information of HTTP. The router does not support this.
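Added example, not part of the original thread: the routing step that an SSL endpoint placed in front of the servers would perform once it has decrypted a request, as the last reply describes. The route table reuses the FQDNs from the thread; the function names and the sample requests are constructed for illustration, and unknown or ambiguous host names are rejected rather than forwarded to a default server.

```python
# Route table built from the mappings quoted in the thread (port 443 on both sides).
ROUTES = {
    "mail.example.com": ("serverA.domain.com", 443),
    "web.example.com": ("serverB.domain.com", 443),
}


class RoutingError(ValueError):
    """The request cannot be mapped to exactly one published server."""


def host_from_request(head: bytes) -> str:
    """Return the normalized host name from a decrypted HTTP/1.1 request head."""
    text = head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in text.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        # Count anything that could be read as a Host header, so that a
        # request with two candidates is rejected instead of guessed at.
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip().lower())
    if len(hosts) != 1:
        raise RoutingError(f"expected exactly one Host header, found {len(hosts)}")
    host, _, port = hosts[0].partition(":")
    if port and not port.isdigit():
        raise RoutingError("malformed port in Host header")
    return host.rstrip(".")  # treat "name." and "name" as the same host


def select_backend(head: bytes) -> tuple:
    """Map a decrypted request to its internal (host, port), or refuse it."""
    host = host_from_request(head)
    try:
        return ROUTES[host]
    except KeyError:
        # No default backend: an unpublished name never reaches the LAN.
        raise RoutingError(f"no published server for host {host!r}") from None


if __name__ == "__main__":
    # Constructed sample requests, as they would look after TLS decryption.
    for raw in (b"GET / HTTP/1.1\r\nHost: mail.example.com\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: WEB.example.com:443\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: other.example.com\r\n\r\n"):
        try:
            print(select_backend(raw))
        except RoutingError as exc:
            print("rejected:", exc)
```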
