No announcement yet.

Direct Access through port 443

  • Filter
  • Time
  • Show
Clear All
new posts

  • Direct Access through port 443


    ​This is more of a conceptual question.

    If I have a router, and behind it a firewall redirecting the HTTPS traffic for owa and other web sites within the corporate network, how can I implement a 2-network-card kind of DirectAccess deployment.

    I am drawing some possible scenarios and none fit well.

    For instance:

    1- Internet-facing router. ( 88. 212. 11. 222 and
    2- Behind the router a firewall to the LAN. ( and
    3- Beside the firewall , a Direct Access server to the LAN too ( and

    But then, how does the internet-facing router redirect the HTTPS traffic to both and

    Sorry if it is too basic a question, I am learning here a lot.
    Madrid (Spain).

  • #2
    It doesn't. In my experience you can only have a single NAT policy to redirect your traffic to a particular server unless you have a policy that states that all traffic from this IP send to here on 443. This rule typically sits above the rule where all other traffic from 443 is.i.e.

    NAT Policy 1: All traffic from gets redirected to
    NAT Policy 2: All traffic destined for 443 gets redirected to

    Hope that makes sense.


    • #3
      Thanks wullieb1.

      ​Yes, it does make sense.
      Madrid (Spain).


      • #4
        Dunno if this is just in the wrong forum, but you couldn't do a published DA deployment in Server 2008 R2 as far as I can remember. It was flaky to say the least, and often didn't work, so my memory might be failing me, but I'm pretty sure 2008 R2 DA required to be on the edge (I.e. not behind a NAT device) and with 2 external IPs assigned.

        Assuming you are talking about 2012/R2 DA, then publishing multiple SSL websites to the internet usually requires multiple external IP addresses, one per SSL website, assuming you are using standard ports, and many SSL applications won't allow the use of non-standard ports.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog


        • #5
          Thanks a lot !
          Madrid (Spain).