Yes you need to publish SQL server as well. Joseph -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Thursday, January 27, 2005 2:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: IIS in DMZ, SQL behind ISA http://www.ISAserver.org Publish the server...which one? IIS Server is published...do I need to publish the SQL server for IIS's benefit also?? S ________________________________ From: josephk [mailto:josephk@xxxxxxxxx] Sent: Thursday, January 27, 2005 6:07 PM To: ISA Mailing List Subject: [isalist] RE: IIS in DMZ, SQL behind ISA http://www.ISAserver.org Cool, Check out the Network type "NAT" or "ROUTE" between the two DMZ and internal. I had to create a 1433 rule to all from DMZ to INT. 1. Publish the server 2. Allow for 1433 rule to internal/localhost Joseph ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Thursday, January 27, 2005 1:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: IIS in DMZ, SQL behind ISA http://www.ISAserver.org That's all been done......at the moment it's all set up behind an ISA 2000 box and working flawlessly. The owner however, wants to move to ISA 2K4. All that shows in the logs are denies for the sql protocol. S ________________________________ From: josephk [mailto:josephk@xxxxxxxxx] Sent: Thursday, January 27, 2005 5:28 PM To: ISA Mailing List Subject: [isalist] RE: IIS in DMZ, SQL behind ISA http://www.ISAserver.org Hi Steve, I use a trusted connection between my IIS Box which is in the DMZ. I also run another DMZ as a Perimeter. On the IIS box setup a user name with password and such. ON your IIS site, select the user name and Password that you have on your local machine. Setup the same user on your SQL box and grant it the rights that it needs on the SQL Db. The reason for the trusted connection like this is that the anonymous user for IIS is not listed as a user in my Db structure. By using the simple method of trusted connections with yourUser/yourPassword on each the anonymous user or in this case trusted User is passed on to your SQL box. Thank you, Joseph ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Thursday, January 27, 2005 9:50 AM To: [ISAserver.org Discussion List] Subject: [isalist] IIS in DMZ, SQL behind ISA http://www.ISAserver.org I'm having great problems trying to get this to work. Scenario.... IIS is in the DMZ, SQL Server is in the protected network. IIS needs to receive and deliver data to the sql Server, (commerce site). I have a protocol rule and a server publishing rule allowing the sql protocol both ways but no joy. All SQL requests get denied. Seems that it should be simple....help. perimeter (IIS) ip 192.168.109 101 Internal (SQL) IP 192.168.108.2 S ____________________________________________ Steve Moffat President & CEO Optimum I.T. Solutions Ltd <http://www.optimum.bm/> Tel: (441) 292 8849 Helpdesk: (441) 292 8849Email : steve@xxxxxxxxxx <mailto:%20steve@xxxxxxxxxx> http://www.optimum.bm <http://www.optimum.bm/> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: josephk@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx