[isapros] Re: [ISAServer] DMZ to SQL

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Tue, 11 Jul 2006 19:35:38 -0500

Why NAT from DMZ to SQL?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Tuesday, July 11, 2006 7:33 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: [ISAServer] DMZ to SQL
> 
> There are 3 NATs.
> 
> DMZ to External
> Internal to DMZ
> DMZ to SQL Server
> 
> Sounds like that last one could be the problem. So is it server
> publishing that I need to do then? The goal is for the web app in the
> DMZ to get data from the SQL server on the Internal network.
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Tuesday, July 11, 2006 8:29 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: [ISAServer] DMZ to SQL
> 
> Oh, Pings work?
> 
> So you're NATing from the DMZ-->Internal?
> 
> That's a new twist, hiding the DMZ addresses from the internal network
> clients?
> 
> Tom
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Tuesday, July 11, 2006 7:27 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: [ISAServer] DMZ to SQL
> > 
> > Hi Amy,
> > 
> > NAT from Internal-->DMZ?
> > 
> > If so, an access rule won't work, you'll need a Server 
> > Publishing Rule.
> > 
> > HTH,
> > Tom
> > 
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx 
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> > > Sent: Tuesday, July 11, 2006 7:26 PM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: [ISAServer] DMZ to SQL
> > > 
> > > NAT. 
> > > 
> > > Pings from web server to sql server get to their destination. 
> > > 
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx 
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > > On Behalf Of Thomas W Shinder
> > > Sent: Tuesday, July 11, 2006 7:36 PM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: [ISAServer] DMZ to SQL
> > > 
> > > Hi Amy,
> > > 
> > > Do you have a route or NAT relationship between the Web server and the
> > > SQL server?
> > > 
> > > Tom
> > > 
> > > > -----Original Message-----
> > > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> > > > Sent: Tuesday, July 11, 2006 6:10 PM
> > > > To: isaserver@xxxxxxxxxxxxxxx
> > > > Subject: [ISAServer] DMZ to SQL
> > > > 
> > > > I'm stumped. Working with a client to set up a DMZ for a web server.
> > > > Sounds easy enough. The web server (in the DMZ) needs to talk to an SQL
> > > > server on the Internal network. The web server can communicate DNS, ICMP
> > > > and any domain communications protocols that I throw at it. It can even
> > > > ping the SQL server and the SQL server can ping it.
> > > > 
> > > > But SQL Server protocol port 1433 blows right by my DMZ access rule and
> > > > gets blocked by the default rule.
> > > > 
> > > > Is there something special about SQL? This is the first time I've tried
> > > > to give access from DMZ to an SQL server.
> > > > 
> > > > Thanks,
> > > > 
> > > > Amy