SharePoint / ISA AAM and SSL Termination issue UPDATE


UPDATE: Take a look HERE for an update.

I’m a blog stats junkie so I pay a lot of attention to what brings people to my site.  Currently one of the most popular posts is this one: SharePoint / ISA AAM and SSL Termination issue.  This really bothered me because I was never able to provide a solution.  It wasn’t important enough to burn a Microsoft support incident since it has a simple solution. 

This is a quick post to let you know that I gave up and went with the simple solution.  I no longer do SSL termination on ISA to SharePoint.  It is now completely SSL from the client browser, to ISA, and from ISA to the SharePoint front end servers.  Since we own the switch and the internal network between them, it isn’t necessary from a security standpoint.  The only reason we chose to terminate SSL at ISA is to save the administrative headache. 

We used multiple host headers on a single IP on the SharePoint front ends.  If we needed to add a new web application, it still had the same internal IP but SharePoint added in the new host header.  In the new, non-SSL termination world, each front end has a dedicated internal private IP for each web application as well as one external public IP covering all front ends.  As the environment grows, it is going to cause a few headaches.  We have a dedicated subnet for all our internal stuff but it is possible we would eventually hit some limits, especially as we begin moving other services behind ISA.

I feel bad that I wasn’t able to get this to work since my logs show other people are having this problem.  Hopefully I’ll be able to pick the brains of some experts here in a couple weeks.
