
Does SSL need different internal IPs to work?

Status
Not open for further replies.

jacktripper

Programmer
Dec 5, 2001
124
US
I'm a bit fuzzy on how to have multiple sites on the same IIS 6.0 box with SSL for them. I know you can't use the same IP address with host headers and have multiple sites... because the IP address has to be unique for the SSL to function.

So, I have 2 external IP addresses now for 2 different domain names that both need SSL. However, once a user hits our network, both external IPs are pointing to the same internal IP address of the single IIS box. This doesn't seem to work.

I guess I am asking: do I also need 2 internal IP addresses that are different in order for the SSL to work as planned? Is that even possible to have 2 internal IP addresses pointing to the same server?

And before anyone says "wildcard SSL"... that is not something we want to implement.
 
If I understand what you are describing, we do it the way you describe where you have two internal IP addresses that are translated through to external IP addresses by our Cisco PIX. You have to make sure you assign the IP Addresses (internal) to the NIC. Since I don't know your level of experience I will walk you through it.

Go into the Network connections where you will see the properties for your NIC. Go to the properties of the Internet Protocol (TCP/IP). Select Advanced. On the IP Settings tab you can click Add under IP Address. Tell it the 2nd, 3rd, 4th or however many internal IPs you need as well as the Subnet Mask.

Once they are applied to the NIC you can go into IIS and tell each web site which IP to use. To do this go into the properties of the web site, go to the Web Site tab, and in the drop-down block for the field IP Address: you will see the default setting of (All Unassigned). Change this to the IP that you want for that site and do the same for the other site. Once you have your translations set up on your firewall to translate the external IP to that of the internal one for the given site you should be all set.

This is how we do it at least in our environment.
 
The way sennister has described it is the same way (more or less) as I have it set up as well and I would say it's the correct way to do it.

You can have as many IPs as you like on one server NIC (within reason), I've not had any issues with 20+ on a single NIC, provided of course they are all within the same subnet.


The only catch with multiple IPs is any outbound connections from the server will always originate from the original IP that was assigned unless you fiddle with the local routing table. This though isn't a problem for a simple webserver.
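A way to sanity-check the layout described in the replies above before testing it live, as an added example that is not part of the original thread: it audits a NIC address list, a firewall translation table and per-site SSL bindings for the collisions the question ran into. All addresses, site names and the `audit` function are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (private and documentation ranges), not from the thread.
NIC_SUBNET = "192.168.10.0/24"
NIC_IPS = ["192.168.10.20", "192.168.10.21"]
NAT = {"203.0.113.10": "192.168.10.20", "203.0.113.11": "192.168.10.21"}
# site name -> (internal IP chosen in IIS, or "" for (All Unassigned), SSL port)
SITES = {"site-a": ("192.168.10.20", 443), "site-b": ("192.168.10.21", 443)}

def audit(nic_subnet, nic_ips, nat, sites):
    """Return a list of deviations from the one-IP-per-SSL-site layout."""
    problems = []
    net = ipaddress.ip_network(nic_subnet)
    # Secondary addresses on the NIC are expected to share one subnet.
    for ip in nic_ips:
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"NIC address {ip} is outside {nic_subnet}")
    # Thread premise: each SSL site on the IIS 6.0 box needs its own IP.
    by_binding = defaultdict(list)
    for name, (ip, port) in sites.items():
        if ip == "":
            problems.append(f"{name} is still on (All Unassigned); assign it a specific IP")
        elif ip not in nic_ips:
            problems.append(f"{name} is bound to {ip}, which is not on the NIC")
        by_binding[(ip, port)].append(name)
    for (ip, port), names in sorted(by_binding.items()):
        if len(names) > 1:
            problems.append(f"{', '.join(sorted(names))} share SSL binding {ip or '*'}:{port}")
    # Each external address should translate to a distinct internal address
    # that a site is actually bound to.
    by_internal = defaultdict(list)
    for ext, internal in nat.items():
        by_internal[internal].append(ext)
    for internal, exts in sorted(by_internal.items()):
        if len(exts) > 1:
            problems.append(f"external {', '.join(sorted(exts))} all translate to {internal}")
        if not any(ip == internal for ip, _ in sites.values()):
            problems.append(f"NAT target {internal} has no site bound to it")
    return problems

if __name__ == "__main__":
    for line in audit(NIC_SUBNET, NIC_IPS, NAT, SITES) or ["no problems found"]:
        print(line)
```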
 
Thanks!! I am far from the expert, but I will relay this message and test a few things to see what works.
 