We have OWA up and running in back of ISA2004. We are adding another web-enabled app to the OWA server. The new website has its own virtual IP. I added the new website & IP to the hosts file on ISA and put a route in the route table. When I try to create a new listener, using the new certificate, I get an error that I have overlapping IP address and port pairs. What gives? I can't use a wildcard cert -- we're already committed to the name on the OWA cert and can't change it. And the vendor is coming on Monday to install the new app.
Did you bind a new IP address to the TCP/IP stack on the ISA Server?
If so, did you change the original listener to listen only on the first IP address? On the Networks tab of the listener, edit the 'External' network object to only listen on one IP.
We have Cisco content switch modules on either side of our two ISA machines. The outer CSM has a virtual ISA address for OWA (for load balancing) and another for the new application. The ISAs don't know anything about the virtual addresses, just their own physical addresses.
If the content switches can perform port translation on the incoming traffic, then you could just create another ISA Web Listener on a different port. Otherwise, you'll have to add another IP to ISA to get another Web Listener on 443. ISA can only have 1 certificate per IP:Port combo. You can use wildcard certs, but they have to be the same domain name, and some commercial CAs don't issue them.
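
The one-certificate-per-IP:Port rule from the replies above, as an added example that is not part of the thread and not ISA's own code: a Python model of the overlap check, run against the reported setup and the two suggested fixes. The addresses, listener names, port 8443 and the "no IP list means every bound IP" default are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, Optional

# Constructed sample addresses (documentation range), not taken from the thread.
BOUND_IPS = frozenset({"192.0.2.10", "192.0.2.11"})

@dataclass(frozen=True)
class Listener:
    name: str
    port: int
    cert: str
    ips: Optional[FrozenSet[str]] = None  # assumption: None = every IP bound on the network

    def sockets(self, bound_ips):
        """Expand the listener into the concrete (ip, port) pairs it claims."""
        addrs = bound_ips if self.ips is None else self.ips & bound_ips
        return {(ip, self.port) for ip in addrs}

def find_overlaps(listeners, bound_ips=BOUND_IPS):
    """Return (listener_a, listener_b, ip, port) for every pair claimed twice."""
    clashes = []
    for a, b in combinations(listeners, 2):
        for ip, port in sorted(a.sockets(bound_ips) & b.sockets(bound_ips)):
            clashes.append((a.name, b.name, ip, port))
    return clashes

def scenarios():
    """Model the reported configuration and both fixes suggested in the replies."""
    owa_all = Listener("owa", 443, "owa-cert")  # original listener, all IPs
    owa_one = Listener("owa", 443, "owa-cert", frozenset({"192.0.2.10"}))
    app_443 = Listener("app", 443, "app-cert", frozenset({"192.0.2.11"}))
    app_alt = Listener("app", 8443, "app-cert")  # 8443 is an arbitrary example port
    return {
        "as_reported": find_overlaps([owa_all, app_443]),
        "owa_restricted_to_one_ip": find_overlaps([owa_one, app_443]),
        "second_listener_on_other_port": find_overlaps([owa_all, app_alt]),
    }

if __name__ == "__main__":
    for label, clashes in scenarios().items():
        print(label, "->", clashes or "no overlap")
```
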