RE: IIS in DMZ, SQL behind ISA
- From: "josephk" <josephk@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 27 Jan 2005 16:38:24 -0800
Yes you need to publish SQL server as well.
Joseph
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Thursday, January 27, 2005 2:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IIS in DMZ, SQL behind ISA
http://www.ISAserver.org
Publish the server...which one? IIS Server is published...do I need to
publish the SQL server for IIS's benefit also??
S
________________________________
From: josephk [mailto:josephk@xxxxxxxxx]
Sent: Thursday, January 27, 2005 6:07 PM
To: ISA Mailing List
Subject: [isalist] RE: IIS in DMZ, SQL behind ISA
http://www.ISAserver.org
Cool,
Check out the Network type "NAT" or "ROUTE" between the two DMZ and
internal.
I had to create a 1433 rule to all from DMZ to INT.
1. Publish the server
2. Allow for 1433 rule to internal/localhost
Joseph
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Thursday, January 27, 2005 1:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IIS in DMZ, SQL behind ISA
http://www.ISAserver.org
That's all been done......at the moment it's all set up behind an ISA
2000 box and working flawlessly.
The owner however, wants to move to ISA 2K4. All that shows in the logs
are denies for the sql protocol.
S
________________________________
From: josephk [mailto:josephk@xxxxxxxxx]
Sent: Thursday, January 27, 2005 5:28 PM
To: ISA Mailing List
Subject: [isalist] RE: IIS in DMZ, SQL behind ISA
http://www.ISAserver.org
Hi Steve,
I use a trusted connection between my IIS Box which is in the DMZ. I
also run another DMZ as a Perimeter.
On the IIS box setup a user name with password and such. ON your IIS
site, select the user name and
Password that you have on your local machine.
Setup the same user on your SQL box and grant it the rights that it
needs on the SQL Db.
The reason for the trusted connection like this is that the anonymous
user for IIS is not listed as a user in my Db structure.
By using the simple method of trusted connections with
yourUser/yourPassword on each the anonymous user or in this case trusted
User is passed on to your SQL box.
Thank you,
Joseph
________________________________
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Thursday, January 27, 2005 9:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] IIS in DMZ, SQL behind ISA
http://www.ISAserver.org
I'm having great problems trying to get this to work.
Scenario....
IIS is in the DMZ, SQL Server is in the protected network. IIS needs to
receive and deliver data to the sql Server, (commerce site).
I have a protocol rule and a server publishing rule allowing the sql
protocol both ways but no joy. All SQL requests get denied. Seems that
it should be simple....help.
perimeter (IIS) ip 192.168.109 101
Internal (SQL) IP 192.168.108.2
S
____________________________________________
Steve Moffat President & CEO Optimum I.T. Solutions Ltd
<http://www.optimum.bm/> Tel: (441) 292 8849 Helpdesk: (441) 292
8849Email : steve@xxxxxxxxxx <mailto:%20steve@xxxxxxxxxx>
http://www.optimum.bm <http://www.optimum.bm/>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
