We have an LB (Cisco CSS11503) in front of our two WFEs. The LB device also functions as the SSL offloader. The URL of our service for internal users is https://service.company.com.
Upon a page request, SSL offloading and load balancing take place on the Cisco, and the requests are redirected to one of the WFEs. The Cisco device cannot modify the HTTP header of the request, so when a request is redirected to one of the WFEs, its Request-URI has the same FQDN but with the http protocol: http://service.company.com.
There are some good blog posts about how to configure MOSS AAM in NLB scenarios. However, none of them explains how to make the case described above work. In AAM you just cannot define (or so it seems) an Internal URL with the same FQDN as the Public URL, where the Internal URL uses http and the Public URL uses https.
The order in which you define the URLs is important. The key is that you must first have a single URL in the zone that uses the https protocol. After that you can add another URL and set its protocol to http.
1. In the beginning you have only one URL defined, and this URL is the one you want to use, but you would like the Public URL for Zone to say https://service.company.com.
2. No worries: select the Internal URL link http://service.company.com and change the Internal URL to https://service.company.com (or something other than the URL you want to use for the service), then click OK.
3. Select the "Add Internal URLs" link, type in the http URL of your service, http://service.company.com, and select the Default zone. Click Save.
Now you have the same FQDN for the service, but different protocols in the Internal and Public URLs.
We also defined the "Front-End-Https: on" header on the Cisco, but I don't know if it is required.
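To confirm the mapping from the steps above, you can check that responses from the WFEs only emit the https public URL, since SharePoint builds absolute links from the zone's public URL. The following is an added example, not code from the original post; the function name, the list of checked attributes and headers, and both sample responses are assumptions constructed for illustration.

```python
"""Added example: flag cleartext URLs for the public host in a WFE response."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

PUBLIC_HOST = "service.company.com"      # FQDN used in the post
URL_ATTRS = {"href", "src", "action"}    # attributes that carry links
URL_HEADERS = {"location", "content-location"}


class LinkCollector(HTMLParser):
    """Collects URL-bearing attribute values from an HTML body."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v.strip() for k, v in attrs if k in URL_ATTRS and v]


def cleartext_urls(headers, body, host=PUBLIC_HOST):
    """Return absolute http:// URLs pointing at `host` in headers or HTML."""
    found = [v for k, v in headers.items() if k.lower() in URL_HEADERS]
    collector = LinkCollector()
    collector.feed(body)
    found += collector.urls
    bad = []
    for url in found:
        parts = urlsplit(url)
        if parts.scheme.lower() == "http" and (parts.hostname or "").lower() == host:
            bad.append(url)
    return bad


# Constructed responses (not captured traffic): the zone's public URL still
# http, versus the mapping from the steps above (public URL https).
BEFORE = ({"Location": "http://service.company.com/Pages/Default.aspx"},
          '<a href="http://service.company.com/_layouts/viewlsts.aspx">Lists</a>')
AFTER = ({"Location": "https://service.company.com/Pages/Default.aspx"},
         '<a href="https://service.company.com/_layouts/viewlsts.aspx">Lists</a>'
         '<a href="/Lists/Tasks">Tasks</a><img src="http://cdn.example/logo.gif">')

if __name__ == "__main__":
    for name, (headers, body) in (("before", BEFORE), ("after", AFTER)):
        print(name, cleartext_urls(headers, body))
```

An empty result means every absolute link and redirect for the service host uses https; relative links and other hosts are ignored.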