dkraut
asked on
Microsoft TMG / ISA Hairpinning?
Can microsoft TMG / ISA perform hairpinning? Specifically, can an internal client access the external IP address of a published web server?
ASKER
yeah, I hear you, but the web team wants to test the sites via SSL even if SSL is offloaded on the ISA. So when they hit the site from within, https fails since the cert is only on TMG/ISA.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Another issue that came up is using TMG to load balance a farm of internal servers. How can the internal users access the load balanced farm if if the VIP is an external IP address?
Web Publishing is based on a Reverse Web Proxying,..so yes this is possible.
Server Publishing (non-web server publishing) is based on a Reverse NAT,...and this process is impossible with that due to the way NAT generically functions (it's a NAT thing,...not a TMG thing).