I have a TMG 2010 instance in a DMZ acting as a perimeter reverse proxy. Inside the network is a forward proxy that allows web access into a secure area, to a number of defined, named services, all on port 80 or port 443. Existing internal users can access these services, but I want to make them available to external users, too. I want to offload SSL at the perimeter proxy (a security team requirement), but need to re-establish SSL to the internal https services.
How can I configure TMG to correctly forward these requests to the internal proxy?
I have tried various things. If I forward a published service to a host (the host being the proxy) then the basic port 80 kinda works, but the SSL does not - I get an odd error about the token being invalid.
If I set up a web chain, the incoming request gets redirected to the proxy as if I was trying to reach the proxy alone, i.e. if the proxy is on 192.168.1.150:8080, then the proxy receives a request for a page at that address, not the address of the original name... As you can see, I am somewhat baffled.
All internal and external names are the same, so no URL rewriting need occur.
Am experienced with proxying generally, but new to TMG. Any suggestions and pointers very much appreciated.
Regards
David