I am trying to get something similar working. I have setup a VIP with cert listening on port 3269 which is the secure global catalog port. The pool attached to this VIP are global catalog AD servers listening on port 3268. Is there any reason this shouldn't work? I can connect LDAP clients fine from on my company network but am so far not successful off network. My firewall group has supposedly allowed external access to port 3269 and I can telnet to it and get response but I simply can't connect/bind from the outside. Any ideas would be appreciated.