Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Does SSL need different internal IPs to work?

Status
Not open for further replies.
jacktripper

jacktripper

Programmer
Dec 5, 2001
124
US
I'm a bit fuzzy on the how to have multiple sites on the same IIS 6.0 box with SSL for them. I know you can't use the same IP address with host headers and have multiple sites... because the IP address has to be unique for the SSL to function.

So, I have 2 external IP addresses now for 2 different domain names that both need SSL. However, once a user hits our network, both external IPs are pointing to the same internal IP address of the single IIS box. This doesn't seem to work.

I guess I am asking: do I also need 2 internal IP addresses that are different in order for the SSL to work as planned? Is that even possible to have 2 internal IP addresses pointing to the same server?

And before anyone says "wildcard SSL"... that is not something we want to implement.
 
Sort by date Sort by votes
If I understand what you are describing, we do it the way you describe where you have two internal IP addresses that are translated through to external IP addresses by our Cisco PIX. You have to make sure you assign the IP Addresses (internal) to the NIC. Since I don't know your level of experience I will walk you through it.

Go into the Network connections where you will see the properties for your NIC. Go to the properties of the Internet Protocol(TCP/IP). Select Advanced. On the IP Settings Tab you can click Add under IP Address. Tell it the 2nd, 3rd, 4th or how ever many internal IPs you need as well as the Subnet Mask.

Once they are applied to the NIC you can go into IIS and tell each web site which IP to use. To do this go into the properties of the web site, go to the Web Site tab, In the drop down block for the field IP Address: you will see the default setting of (All Unassigned). Change this to the IP that you want for that site and do the same for the other site. Once you have your translations set up on your firewall to translate the external IP to that of the internal one for the given site you should be all set.

This is how we do it at least in our environment.
 
Upvote 0 Downvote
The way sennister has described it is the same way (more or less) as I have it setup as well and I would say it's the correct way to do it.

You can have as many IPs as you like on one server nic (within reason), I've not had any issues with 20+ on a single nic, provided ofcourse they are all within the same subnet.


The only catch with multiple IPs is any outbound connections from the server will always originate from the original IP that was assigned unless you fiddle with the local routing table. This though isn't a problem for a simple webserver.
 
Upvote 0 Downvote
Thanks!! I am far from the expert, but I will relay this message and test a few things to see what works.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
197
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
229
microsGuy16
microsGuy16
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
123
hairlessupportmonkey
hairlessupportmonkey
juliog
  • Locked
  • Question
Unable to get Server 2019 GPO Redirected Folders to Work on Windows 7
Replies
1
Views
114
tacohunter
tacohunter
n2nuk
  • Locked
  • Question
using a work laptop to connect to corporate network
Replies
1
Views
83
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top