[isapros] Re: [ISAServer] DMZ to SQL

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Tue, 11 Jul 2006 19:34:12 -0500

Is the SQL server on the internal network? If so, then you need to
create a Server Publishing Rule if it's:

Internal-->DMZ = NAT

What's very strange is that you can ping. You can't publish ICMP, and an
Access Rule would not work with that Network Rule setup.

Do you have two Network Rules, or were you just restating that it was
also NAT from DMZ to SQL?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Tuesday, July 11, 2006 7:30 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: [ISAServer] DMZ to SQL
> 
> That could be the problem. Yes, I have NAT from Internal to DMZ and NAT
> from DMZ to SQL Server.
> 
> If I server publish then I don't need the NAT from DMZ to SQL, do I?
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Tuesday, July 11, 2006 8:27 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: [ISAServer] DMZ to SQL
> 
> Hi Amy,
> 
> NAT from Internal-->DMZ?
> 
> If so, an access rule won't work, you'll need a Server Publishing Rule.
> 
> HTH,
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> > Sent: Tuesday, July 11, 2006 7:26 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: [ISAServer] DMZ to SQL
> > 
> > NAT. 
> > 
> > Pings from web server to sql server get to their destination. 
> > 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thomas W Shinder
> > Sent: Tuesday, July 11, 2006 7:36 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: [ISAServer] DMZ to SQL
> > 
> > Hi Amy,
> > 
> > Do you have a route or NAT relationship between the Web server and the
> > SQL server?
> > 
> > Tom
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> > > Sent: Tuesday, July 11, 2006 6:10 PM
> > > To: isaserver@xxxxxxxxxxxxxxx
> > > Subject: [ISAServer] DMZ to SQL
> > > 
> > > > I'm stumped. Working with a client to set up a DMZ for a web server.
> > > > Sounds easy enough. The web server (in the DMZ) needs to talk to an SQL
> > > > server on the Internal network. The web server can communicate DNS, ICMP
> > > > and any domain communications protocols that I throw at it. It can even
> > > > ping the SQL server and the SQL server can ping it.
> > > > 
> > > > But SQL Server protocol port 1433 blows right by my DMZ access rule and
> > > > gets blocked by the default rule.
> > > > 
> > > > Is there something special about SQL? This is the first time I've tried
> > > > to give access from DMZ to an SQL server.
> > > 
> > > Thanks,
> > > 
> > > Amy
> > > ---
> > > To subscribe to the list - send an email to list@xxxxxxxxxxxxxxx
> > > In the subject line put in JOIN isaserver@xxxxxxxxxxxxxxx, 
> > > youremailaddress
> > > 
> > > To leave the list - send an email to list@xxxxxxxxxxxxxxx
> > > In the subject line put in LEAVE isaserver@xxxxxxxxxxxxxxx, 
> > > youremailaddress
> > > 
> > > Don't forget the comma!
> > > 
> > > 
> > 
> > 
> > 
> 
> 
> 

Other related posts: