Web server and SSL VPN on single IP address

I host a web site from a home server (IIS). Certain sections of this site are protected by SSL. I would like to add SSL VPN to my setup so that I can connect to my network remotely.

The problem is that I have only one external IP address and would like to have SSL VPN on port 443 which is already mapped to my web server.
Is this doable? Are there any SSL VPN appliances which are smart enough to route traffic to my web server appropriately (perhaps by looking at request hostnames)? Or perhaps there are some combinations of SSL accelerators and VPNs which are capable of this.

Is this too much to ask for?

Thanks in advance!
Helge

It looks like FVS338 does not supports SSL VPN, only IPSec. Unfortunatelly this doesn't work for me as I often have to connect to my home network from within organizations with very restrictive firewalls having just a few open ports. Since port 443 is almost always open, SSL VPN looks like ideal solution. However I already use port 443 for my web server. (And I have only one external IP address)

My hope is that there is an appliance or a software solution which could examine hostheaders and route requests to either web server or to VPN.
Does anyone know of a way to solve this?

Thanks for your explanation, Sevren. It is great to get a competent reply. As you probably gathered from my posts, networking is not my area of expertise.

Could you kindly tell me if the following setup can work for me:

1. Get second IP.
2. Connect switch to cable modem
3. Connect a router for local network to the switch
4. Connect an SSL VPN appliance to the switch
5. Configure a bridge between SSL VPN and local net?

Is there a simplier solution? Can you recommend any specific devices?
Thanks

http://weblog.bluepenguin.us/archives/2002_12_28.html

Maybe this will help.

That would work. Two IPs, two home routers, including one at least that supports VPN w/ SSL (if that's what you had in mind by SSL Appliance), and then you can bridge both internal networks.

I don't know how you're getting your IPs, so it's hard to suggest something else, but the only other possible setup in my opinion is to use a router that supports multiple IPs instead of having 2 devices and having to bridge them eventually. You could possibly get a cheap Cisco 850 series router, for example. But then again as I said, it all depends on what kind of connection you have and how your ISP will assign you IPs.

As for t1n0m3n's suggestion of using a load balancer like a F5 BigIP or MLBS, I just don't see how that would help, but maybe I'm missing something. You'd still be stuck unable to get the http header because of the SSL encryption.