Argh! Nevermind. I was not thinking the whole thing through but now its working as desired. All it was, external requests had to come from the non-standard port but IIS is listening on the standard. Switching IIS to listen on the non-standard port and modifying the firewall rules and NAT to not change the destination port squared me away...