How to host multiple SSL websites using multiple network cards rou

Hi,

I've been trying to get this working for a while but I'm getting nowhere fast!

I've got two websites using separate IP addresses on separate network cards,
both with their own SSL certificates. The problem is that windows only
allows a single default gateway on one external network card and as such I
can only get one site working at one time. (Each network card connects to a
different firewall with a different public IP address).

I think I'm missing something obvious, but no matter what I try (static
routes mapping each public ip to a particular route - 255.255.255.255 mask)
nothing is working.

I know that I can get 2 sites working using a wildcard certificate, but I
need to use separate certificates for each site.

Does anyone have any ideas?

Many Thanks.

You can't do that (as you've noticed). The Default Gateway is *Global* for
the whole machine, hence there can be only one,...it must be assigned at the
Nic that is within the same subnet as the Gateway.

Options:
1. Add multiple IP#s to the same Nic in the same subnet and assign them to
the Sites.
OR
2. Use the Hsotheader setting to distiguish one site from the other so that
you can have all the sites on the same IP#/port#

Sites consist of IP#s, Port#s, and Hosts Headers,...as long as one of the
three is unique to the site the rest can be common to all your sites.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"DPL" <(E-Mail Removed)> wrote in message
news:E061AB9C-13E4-49EC-8915-(E-Mail Removed)...
> Hi,
>
> I've been trying to get this working for a while but I'm getting nowhere
> fast!
>
> I've got two websites using separate IP addresses on separate network
> cards,
> both with their own SSL certificates. The problem is that windows only
> allows a single default gateway on one external network card and as such I
> can only get one site working at one time. (Each network card connects to
> a
> different firewall with a different public IP address).
>
> I think I'm missing something obvious, but no matter what I try (static
> routes mapping each public ip to a particular route - 255.255.255.255
> mask)
> nothing is working.
>
> I know that I can get 2 sites working using a wildcard certificate, but I
> need to use separate certificates for each site.
>
> Does anyone have any ideas?
>
> Many Thanks.
>
>

Hi Phillip,

Thanks for your response.

I can't use option 2 because I need to use separate SSL certificates which
isn't supported for host headers.

As far as option 1 is concerned, I need to connect to two different
firewalls (as they can only forward http/https traffic to a single host)
which respresent two public IP's and can't see a way of doing this with a
single NIC.

Kind Regards,

Dave

"Phillip Windell" wrote:

> You can't do that (as you've noticed). The Default Gateway is *Global* for
> the whole machine, hence there can be only one,...it must be assigned at the
> Nic that is within the same subnet as the Gateway.
>
> Options:
> 1. Add multiple IP#s to the same Nic in the same subnet and assign them to
> the Sites.
> OR
> 2. Use the Hsotheader setting to distiguish one site from the other so that
> you can have all the sites on the same IP#/port#
>
> Sites consist of IP#s, Port#s, and Hosts Headers,...as long as one of the
> three is unique to the site the rest can be common to all your sites.
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
> "DPL" <(E-Mail Removed)> wrote in message
> news:E061AB9C-13E4-49EC-8915-(E-Mail Removed)...
> > Hi,
> >
> > I've been trying to get this working for a while but I'm getting nowhere
> > fast!
> >
> > I've got two websites using separate IP addresses on separate network
> > cards,
> > both with their own SSL certificates. The problem is that windows only
> > allows a single default gateway on one external network card and as such I
> > can only get one site working at one time. (Each network card connects to
> > a
> > different firewall with a different public IP address).
> >
> > I think I'm missing something obvious, but no matter what I try (static
> > routes mapping each public ip to a particular route - 255.255.255.255
> > mask)
> > nothing is working.
> >
> > I know that I can get 2 sites working using a wildcard certificate, but I
> > need to use separate certificates for each site.
> >
> > Does anyone have any ideas?
> >
> > Many Thanks.
> >
> >
>
>
>

"Chris" <(E-Mail Removed)> wrote in message
news:64D6ABFF-1149-4FD7-AA6A-(E-Mail Removed)...
> As far as option 1 is concerned, I need to connect to two different
> firewalls (as they can only forward http/https traffic to a single host)
> which respresent two public IP's and can't see a way of doing this with a
> single NIC.

Why not? You just put two IP#s on the webserver Nic. Keep them in the same
subnet.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/downlo...7/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/e...epartners.mspx
-----------------------------------------------------