Thanks to all who have given different suggestions. Binding HTTP (port 80) to 127.0.0.1 and HTTPS (port 443) to external/public IP will not work for me. My situation is slightly more complicated. For external clients, I want to enforce SSL only on part of my application (certain URLs) not all.
I will look into URL Rewrite as suggested by Nicholas. -Ajay