Direct Access through port 443


  • Direct Access through port 443

    Hello,

    This is more of a conceptual question.

    If I have a router, and behind it a firewall redirecting the HTTPS traffic for OWA and other web sites within the corporate network, how can I implement a 2-network-card kind of DirectAccess deployment?

    I am drawing some possible scenarios and none fit well.

    For instance:

    1- Internet-facing router. (88.212.11.222 and 192.168.1.1)
    2- Behind the router, a firewall to the LAN. (192.168.1.2 and 192.168.2.1)
    3- Beside the firewall, a DirectAccess server to the LAN too. (192.168.1.3 and 192.168.2.2)

    But then, how does the internet-facing router redirect the HTTPS traffic to both 192.168.1.2 and 192.168.1.3?

    Sorry if it is too basic a question, I am learning a lot here.
    -
    Madrid (Spain).

  • #2
    It doesn't. In my experience you can only have a single NAT policy to redirect your traffic to a particular server, unless you have a policy that states that all traffic from this IP is sent here on 443. This rule typically sits above the rule where all other traffic from 443 is, i.e.:

    NAT Policy 1: All traffic from 123.112.123.112 gets redirected to 192.168.1.2
    NAT Policy 2: All traffic destined for 443 gets redirected to 192.168.1.3

    Hope that makes sense.

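The rule ordering described in reply #2, as an added example that is not part of the original thread: a first-match NAT evaluator plus a check for rules that can never fire. It assumes the device evaluates policies top-down, first match wins, and that NAT Policy 1 is limited to port 443 as the reply's preceding sentence suggests; `NatRule`, `first_match` and `shadowed` are hypothetical names, and 203.0.113.7 is a constructed sample client.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NatRule:
    name: str
    src: str      # source network in CIDR form; "0.0.0.0/0" means any source
    dport: int    # destination port on the external address
    target: str   # internal host the traffic is redirected to

    @property
    def net(self):
        return ipaddress.ip_network(self.src)

def first_match(rules, src_ip, dport):
    """Return the target of the first matching rule, or None if nothing matches."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if dport == r.dport and ip in r.net:
            return r.target
    return None

def shadowed(rules):
    """Names of rules fully covered by an earlier rule, so they never fire."""
    dead = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.dport == r.dport and r.net.subnet_of(earlier.net):
                dead.append(r.name)
                break
    return dead

# The two policies from reply #2 (port 443 on Policy 1 is an assumption).
POLICY_1 = NatRule("NAT Policy 1", "123.112.123.112/32", 443, "192.168.1.2")
POLICY_2 = NatRule("NAT Policy 2", "0.0.0.0/0", 443, "192.168.1.3")

AS_POSTED = [POLICY_1, POLICY_2]   # specific source above the catch-all
REVERSED = [POLICY_2, POLICY_1]    # catch-all first: Policy 1 becomes dead

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("reversed", REVERSED)):
        print(label, "- shadowed rules:", shadowed(rules))
        for src in ("123.112.123.112", "203.0.113.7"):
            print("   ", src, "->", first_match(rules, src, 443))
```

With the catch-all placed first, every client lands on 192.168.1.3 and the source-specific policy is reported as shadowed, which is the misordering worth checking for when reviewing a rule base.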


    • #3
      Thanks wullieb1.

      Yes, it does make sense.
      -
      Madrid (Spain).



      • #4
        Dunno if this is just in the wrong forum, but you couldn't do a published DA deployment in Server 2008 R2 as far as I can remember. It was flaky to say the least, and often didn't work, so my memory might be failing me, but I'm pretty sure 2008 R2 DA required to be on the edge (i.e. not behind a NAT device) and with 2 external IPs assigned.

        Assuming you are talking about 2012/R2 DA, then publishing multiple SSL websites to the internet usually requires multiple external IP addresses, one per SSL website, assuming you are using standard ports, and many SSL applications won't allow the use of non-standard ports.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog



        • #5
          Thanks a lot!
          -
          Madrid (Spain).
