SSL"s and NLB

SSL"s and NLB

am 17.07.2006 21:04:49 von jose

Folks,

I have 3 url's webmail.a.com, webmail.b.com and webmail.c.com pointing
to a single public IP. I also have 2 OWA FE servers doing NLB with a
single default website. We would like to purchase an SSL from Thawte
and they told us that we need 3 public IP's an public IP per domain
name. Also that we need 3 separate sites on IIS for each domain where
we can apply each certificate. Now on the NLB management we have a
cluster group with the 2 internal IP's and 1 virtual IP assigned. I
understand that I would need to have 3 virtual IP's so that we can do a
1:1 nat on the checkpoint firewall. Now on the IIS site do I need to
assign its own internal IP or bind it with the VIP one. I mean in
summary I believe i need

3 websites on each FE
3 VIP's
3 entries 1:1 Nat on the firewall to the VIP's

I am not sure how to assign the IP's on the sites itself or on the
NIC's for each FE. Both Fe's have 2 NIC's one is the management NIC and
the other one is the one for NLB.

Please help. I have a diagram of our enviroment if someone decides to
help me my email is jose_soto@hotmail.com

Re: SSL"s and NLB

am 18.07.2006 05:20:59 von Bernard

Don't multipost..... see reply in .iis

--
Regards,
Bernard Cheah
http://www.iis.net/
http://www.iis-resources.com/
http://msmvps.com/blogs/bernard/


"Jose" wrote in message
news:1153163089.046807.126300@i42g2000cwa.googlegroups.com.. .
> Folks,
>
> I have 3 url's webmail.a.com, webmail.b.com and webmail.c.com pointing
> to a single public IP. I also have 2 OWA FE servers doing NLB with a
> single default website. We would like to purchase an SSL from Thawte
> and they told us that we need 3 public IP's an public IP per domain
> name. Also that we need 3 separate sites on IIS for each domain where
> we can apply each certificate. Now on the NLB management we have a
> cluster group with the 2 internal IP's and 1 virtual IP assigned. I
> understand that I would need to have 3 virtual IP's so that we can do a
> 1:1 nat on the checkpoint firewall. Now on the IIS site do I need to
> assign its own internal IP or bind it with the VIP one. I mean in
> summary I believe i need
>
> 3 websites on each FE
> 3 VIP's
> 3 entries 1:1 Nat on the firewall to the VIP's
>
> I am not sure how to assign the IP's on the sites itself or on the
> NIC's for each FE. Both Fe's have 2 NIC's one is the management NIC and
> the other one is the one for NLB.
>
> Please help. I have a diagram of our enviroment if someone decides to
> help me my email is jose_soto@hotmail.com
>