Routing to multiple SSL sites

Posted on 2012-08-13
Last Modified: 2012-09-05
Hi, we're trying to find a way to clean up the way we are doing business. Currently we have several different sites and applications that require an SSL. We use a separate router (and public address) to redirect 443 traffic to the appropriate internal server or machine that has the SSL. We would like to get down to one router, server or appliance and still have all of the traffic directed to the appropriate server that has the site or application SSL assigned. Can this be done with a router or SonicWall-type appliance, proxy server, IIS host headers, server on the DMZ side, or is there an application that can be used? I would prefer a way to keep the machine on the inside and have the router direct traffic to it. Thanks in advance for your ideas.

Question by:OGDITAdmin
    LVL 33

    Accepted Solution

    One business-class router using NAT is capable of routing your traffic appropriately.  You would create rules in the router to forward SSL traffic for a particular public IP address to an internal IP address.
    LVL 31

    Expert Comment

    Having multiple public addresses (e.g. a block of addresses) is the easiest way to do the routing - one public address per server. In that case what Paulmacd said is correct - a good business class router can handle that.

    However if your intention is to save money by having just ONE public IP and you have multiple internal webservers that need to be served... you will run into some trouble. Routers only route by IP address. They CANNOT forward traffic based on the hostname used to resolve the site, so port 443 traffic can only be directed to a single webserver.

    In that case, a potential tool to keep in your bag of tricks is a "reverse proxy". Essentially a single, dedicated server which is responsible for accepting ALL port 443 traffic, and forwarding it onwards to the correct internal webserver based on hostname.

    A reverse proxy is implemented by Apache in your favourite flavor of Linux. I'm sure IIS probably has an implementation of it as well but I don't have experience there.

    See Apache Reverse Proxy -
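
The hostname-based reverse proxy described in the comment above, as an added example that is not part of the original thread: one Apache instance holds the single public address, terminates TLS for each site, and forwards to the matching internal server. The hostnames, 10.0.0.x addresses, certificate paths and the internal CA file are constructed placeholders, and Apache 2.4 with mod_ssl, mod_proxy and mod_proxy_http is assumed.

```apache
# Added example. Hostnames, 10.0.0.x addresses and file paths are constructed.
# Assumes Apache 2.4 with mod_ssl, mod_proxy and mod_proxy_http loaded, and a
# "Listen 443" line already present in the main configuration.

# Act only as a reverse proxy, never as an open forward proxy.
ProxyRequests Off

# The first vhost is the default for *:443. It refuses any hostname
# that is not explicitly published below.
<VirtualHost *:443>
    ServerName default.invalid
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/default.crt
    SSLCertificateKeyFile /etc/ssl/example/default.key
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Site 1: TLS ends at the proxy, plain HTTP to the internal server.
<VirtualHost *:443>
    ServerName app1.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/app1.crt
    SSLCertificateKeyFile /etc/ssl/example/app1.key
    ProxyPreserveHost On
    ProxyPass        / http://10.0.0.11/
    ProxyPassReverse / http://10.0.0.11/
</VirtualHost>

# Site 2: re-encrypt to the internal server and verify its certificate.
<VirtualHost *:443>
    ServerName app2.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/app2.crt
    SSLCertificateKeyFile /etc/ssl/example/app2.key
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/example/internal-ca.crt
    SSLProxyCheckPeerName on
    ProxyPass        / https://app2.internal.example/
    ProxyPassReverse / https://app2.internal.example/
</VirtualHost>
```

Serving a different certificate per hostname on one IP address relies on the client sending SNI in its TLS handshake, and the site certificates and private keys now live on the proxy rather than only on the internal servers.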

    Author Comment

    Thanks Paulmacd and Frosty555 for your input. Paul, I have a question. Can you assign multiple public IP addresses to the WAN port of the router? What router would you recommend? We are looking at a Sonicwall NSA2400, but are open to anything.

    LVL 33

    Expert Comment

    Most routers that aren't for home use will let you configure them for multiple IP addresses.  This is typically in the form of a range of contiguous addresses ( -, say).

    I've only ever used Cisco routers, but they should all function more or less equally.  I currently use a pair of Cisco 5510's and am very happy with them.  That said, my Cisco doesn't have the packet inspection capabilities your SonicWall has.
