Arend,

That's a similar method to what the TMG box I use here at home employs. I terminate the SSL certs on the TMG, which is public facing. TMG inspects the traffic before passing it to the internal hosts. The web and external SMTP Gateway are in a perimeter network. I have an internal CA infrastructure for encrypting the traffic between TMG and the web, mail gateway, and RD Gateway hosts using private certs. This allows a fairly robust level of security on the network. There's a second (back) firewall between the TMG and the internal networks.

Glenn
_________________________
Actually I am a Rocket Scientist! :D