Because I was desperate. -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, July 11, 2006 8:36 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: [ISAServer] DMZ to SQL Why NAT from DMZ to SQL? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > Sent: Tuesday, July 11, 2006 7:33 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > There are 3 NATs. > > DMZ to External > Internal to DMZ > DMZ to SQL Server > > Sounds like that last one could be the problem. So is it server > publishing that I need to do then? The goal is for the web app in the > DMZ to get data from the SQL server on the Internal network. > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Tuesday, July 11, 2006 8:29 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > Oh, Pings work? > > So you're NATing from the DMZ-->Internal? > > That's a new twist, hiding the DMZ addresses from the internal network > clients? > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > > Sent: Tuesday, July 11, 2006 7:27 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > > > Hi Amy, > > > > NAT from Internal-->DMZ? > > > > If so, an access rule won't work, you'll need a Server > > Publishing Rule. > > > > HTH, > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: isapros-bounce@xxxxxxxxxxxxx > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > > > Sent: Tuesday, July 11, 2006 7:26 PM > > > To: isapros@xxxxxxxxxxxxx > > > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > > > > > NAT. > > > > > > Pings from web server to sql server get to their destination. > > > > > > -----Original Message----- > > > From: isapros-bounce@xxxxxxxxxxxxx > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > > On Behalf Of Thomas W Shinder > > > Sent: Tuesday, July 11, 2006 7:36 PM > > > To: isapros@xxxxxxxxxxxxx > > > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > > > > > Hi Amy, > > > > > > Do you have a route or NAT relationship between the Web > > server and the > > > SQL server? > > > > > > Tom > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://blogs.isaserver.org/shinder/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > > > > > > > > > > > -----Original Message----- > > > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > > > > Sent: Tuesday, July 11, 2006 6:10 PM > > > > To: isaserver@xxxxxxxxxxxxxxx > > > > Subject: [ISAServer] DMZ to SQL > > > > > > > > I'm stumped. Working with a client to setup a DMZ for a > > web server. > > > > Sounds easy enough. The web server (in the DMZ) needs to talk > > > > to an SQL > > > > server on the Internal network. The web server can > > > > communicate DNS, ICMP > > > > and any domain communications protocols that I throw at it. > > > > It can even > > > > ping the SQL server and the SQL server can ping it. > > > > > > > > But SQL Server protocol port 1433 blows right by my DMZ > > > > access rule and > > > > gets blocked by the default rule. > > > > > > > > Is there something special about SQL? This is the first time > > > > I've tried > > > > to give access from DMZ to an SQL server. > > > > > > > > Thanks, > > > > > > > > Amy > > > > --- > > > > To subscribe to the list - send an email to list@xxxxxxxxxxxxxxx > > > > In the subject line put in JOIN isaserver@xxxxxxxxxxxxxxx, > > > > youremailaddress > > > > > > > > To leave the list - send an email to list@xxxxxxxxxxxxxxx > > > > In the subject line put in LEAVE isaserver@xxxxxxxxxxxxxxx, > > > > youremailaddress > > > > > > > > Don't forget the comma! > > > > > > > > > > > > > > > > > > > > > > > >