SharePoint 2010 External Facing

Don't we all love SharePoint? There are always questions. I have a couple about setting up External Access for all employees so this can be used outside the local network.
But first, I was doing this on local DNS to check and make sure the external names would work when selecting links on different pages.
Then my second question would be: do I need one certificate for each site name, or one certificate with both site names?

Things that have been Done

In IIS Manager the sites are set for Windows Authentication.

I have alternate mapping set up in SharePoint
Default   Internet
Default  Internet

In IIS manager
Each local site has a binding for

In Local DNS Forward Zone
Both local Sites have A records for attached to Server IP (which work)
PTR records created for pointing to
CNAME record created for connecting to
CNAME record created for connecting to

When I use nslookup shows Server IP and the website works
nslookup on resolves, ip, and aliases same results with intranet site
but when entering in the browser it doesn't show the site same with

It's pointing to the correct local DNS. I've done dnsflush & register, IISreset on SharePoint, deleted temp content/cookies from internet, added to trusted sites.

Any help is appreciated. What steps am I missing?

thomasdavis (Author) Commented:
To add to this, I configured the cross-firewall access zone in Central Admin, so in Site information under either site it shows the correct external site
Justin Smith (Sr. System Engineer) Commented:
To answer your second question, you aren't using https, so you don't need certificates, period.

I'm not clear on what your first question is.

I will say, when you add an AAM to a web app, you have to go into IIS and manually add the corresponding binding. Did you do this? Each of your sites in IIS should have two bindings.
thomasdavis (Author) Commented:
My first question is I'm trying to get the AAM names to work on the local network, but neither will display the site in a browser.

Yes the bindings in IIS are added to each site  = host name - mysite / port 80 / host name - / port 80 = host name - / port 80  / host name - / port 80

Justin Smith (Sr. System Engineer) Commented:
When you ping the names, you get the correct internal IP address?
thomasdavis (Author) Commented:
When using a ping I don't the internal IP from sites
Justin Smith (Sr. System Engineer) Commented:
I don't understand your response. Are you saying when you ping the address, it doesn't resolve an IP at all?

I'm 99% sure this problem resides outside of SharePoint. Either DNS or network/routing.
thomasdavis (Author) Commented:
Right, when I ping the external site address I don't receive an IP. I figured it had to do with both SharePoint and DNS. I wanted to make sure everything in SharePoint was set up correctly first.
Now I need to figure out what type record in DNS needs to be created to send to or to
Justin Smith (Sr. System Engineer) Commented:
Just make them CNAMEs and point them to your internal server name (not internal sp name).
thomasdavis (Author) Commented:
The only problem is when I create a CNAME in local DNS the alias name is  So do I create a sub domain in DNS called then create a CNAME pointing to
Justin Smith (Sr. System Engineer) Commented:
Do you have two forward zones in DNS?  One for domain.local, and one for

If so, you add a CNAME to the zone called sharepoint and point it to servername.domain.local.  You do the same thing for mysite.
thomasdavis (Author) Commented:
I only have one for .  So do I need to create a sub zone with
Justin Smith (Sr. System Engineer) Commented:
You need another forward lookup zone, for
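
The fix the thread arrives at (a second forward lookup zone for the external domain, with CNAMEs for sharepoint and mysite pointing at servername.domain.local), as an added example that is not from the original posters. `example.com` is a placeholder for the external domain, which the page does not show; the script assumes an AD-integrated DNS server with the DnsServer PowerShell module (Windows Server 2012 or later).

```powershell
# Added example, run on the internal DNS server. Assumptions:
#   example.com             - placeholder for the external domain (not on the page)
#   servername.domain.local - internal server name as written in the thread
Import-Module DnsServer

$ExternalZone = 'example.com'
$Target       = 'servername.domain.local.'   # trailing dot = fully qualified
$Aliases      = 'sharepoint', 'mysite'

# Caveat: once this zone exists, the internal DNS server answers
# authoritatively for EVERY name under it. Any other public host in that
# domain (www, mail, ...) stops resolving for internal clients unless it is
# also added here. Creating one zone per FQDN (e.g. sharepoint.example.com)
# instead limits the override to just those names.
if (-not (Get-DnsServerZone -Name $ExternalZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ExternalZone -ReplicationScope 'Domain'
}

foreach ($alias in $Aliases) {
    # Idempotent: skip names that already have a record in the zone.
    $existing = Get-DnsServerResourceRecord -ZoneName $ExternalZone -Name $alias `
                    -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordCName -ZoneName $ExternalZone -Name $alias `
            -HostNameAlias $Target
    }
}

# Verify: each alias must follow the CNAME to an A record (the internal
# server IP). This is the step that failed in the thread when pinging.
foreach ($alias in $Aliases) {
    $fqdn    = "$alias.$ExternalZone"
    $answers = Resolve-DnsName -Name $fqdn -Server localhost -Type A `
                   -ErrorAction SilentlyContinue
    $ips     = $answers | Where-Object { $_.Type -eq 'A' } |
                   Select-Object -ExpandProperty IPAddress
    if ($ips) { "{0} -> {1}" -f $fqdn, ($ips -join ', ') }
    else      { Write-Warning "$fqdn does not resolve to an address" }
}
```

Clients that already tried the names hold a cached negative answer; run `ipconfig /flushdns` on them before retesting in the browser.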
