Da rule, lady - da rule. Log excerpts..? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Tuesday, July 11, 2006 17:26 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: [ISAServer] DMZ to SQL NAT. Pings from web server to sql server get to their destination. -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, July 11, 2006 7:36 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: [ISAServer] DMZ to SQL Hi Amy, Do you have a route or NAT relationship between the Web server and the SQL server? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Tuesday, July 11, 2006 6:10 PM > To: isaserver@xxxxxxxxxxxxxxx > Subject: [ISAServer] DMZ to SQL > > I'm stumped. Working with a client to setup a DMZ for a web server. > Sounds easy enough. The web server (in the DMZ) needs to talk to an > SQL server on the Internal network. The web server can communicate > DNS, ICMP and any domain communications protocols that I throw at it. > It can even > ping the SQL server and the SQL server can ping it. > > But SQL Server protocol port 1433 blows right by my DMZ access rule > and gets blocked by the default rule. > > Is there something special about SQL? This is the first time I've > tried to give access from DMZ to an SQL server. > > Thanks, > > Amy > --- > To subscribe to the list - send an email to list@xxxxxxxxxxxxxxx In > the subject line put in JOIN isaserver@xxxxxxxxxxxxxxx, > youremailaddress > > To leave the list - send an email to list@xxxxxxxxxxxxxxx In the > subject line put in LEAVE isaserver@xxxxxxxxxxxxxxx, youremailaddress > > Don't forget the comma! > > All mail to and from this domain is GFI-scanned.