Ed, i actually agree with your boss on this one. I've seen this done before and played around with it myself some time ago. it's kinda like a reverse proxy design. i recall you can do this with strait IIS (redirect) and also w/ ISA for perhaps a more elegant solution. Forgive the lack of detail as I don't recall some of the specifics, but at a high-level, i know you can do this redirect/proxy design. That said, i agree with you that ideally the destination end point of the http/ssl conversation should be on a secured network (such as a dmz). Using ISA could mitigate some of those concerns.
Hopefully this helps some. others may have better details/pointers. cheers-byron -----Original Message----- From: Ed Esgro [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 06, 2002 9:46 AM To: MSWinNT Discussions Subject: IIS 4.0 Not sure what I am going to explain is possible, but let me throw it out there. I have a web server on the DMZ (webserver1). I have a web server on my internal network (webserver2). Internal users access webserver2 without going out to the internet. We need to have external people access webserver2. I suggested using NAT for access. My boss doesn't prefer this option. His suggestion was to research the following scenario. Here goes... Have our ISP DNS point webserver2 to the IP address of webserver1. On web server1 somehow redirect users to webserver2. So if I were to type in http://webserver2/webpage from the outside world, I would initially get sent to webserver1 and then webserver1 could re-direct me to webserver2. Keep in mind webserver1 is on DMZ and webserver2 is on internal network. Now I realize it would just make more sense to put webserver2 on the DMZ. That would be easy and make a lot of sense, but I am not the final decision maker. So with that said, does anyone have any thoughts of comments on this configuration? Thank you all. Ed ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
