Hi Amy, NAT from Internal-->DMZ? If so, an access rule won't work, you'll need a Server Publishing Rule. HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > Sent: Tuesday, July 11, 2006 7:26 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > NAT. > > Pings from web server to sql server get to their destination. > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Tuesday, July 11, 2006 7:36 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > Hi Amy, > > Do you have a route or NAT relationship between the Web server and the > SQL server? > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > > Sent: Tuesday, July 11, 2006 6:10 PM > > To: isaserver@xxxxxxxxxxxxxxx > > Subject: [ISAServer] DMZ to SQL > > > > I'm stumped. Working with a client to setup a DMZ for a web server. > > Sounds easy enough. The web server (in the DMZ) needs to talk > > to an SQL > > server on the Internal network. The web server can > > communicate DNS, ICMP > > and any domain communications protocols that I throw at it. > > It can even > > ping the SQL server and the SQL server can ping it. > > > > But SQL Server protocol port 1433 blows right by my DMZ > > access rule and > > gets blocked by the default rule. > > > > Is there something special about SQL? This is the first time > > I've tried > > to give access from DMZ to an SQL server. > > > > Thanks, > > > > Amy > > --- > > To subscribe to the list - send an email to list@xxxxxxxxxxxxxxx > > In the subject line put in JOIN isaserver@xxxxxxxxxxxxxxx, > > youremailaddress > > > > To leave the list - send an email to list@xxxxxxxxxxxxxxx > > In the subject line put in LEAVE isaserver@xxxxxxxxxxxxxxx, > > youremailaddress > > > > Don't forget the comma! > > > > > > >