Oh, Pings work? So you're NATing from the DMZ-->Internal? That's a new twist, hiding the DMZ addresses from the internal network clients? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Tuesday, July 11, 2006 7:27 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > Hi Amy, > > NAT from Internal-->DMZ? > > If so, an access rule won't work, you'll need a Server > Publishing Rule. > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > > Sent: Tuesday, July 11, 2006 7:26 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > > > NAT. > > > > Pings from web server to sql server get to their destination. > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > On Behalf Of Thomas W Shinder > > Sent: Tuesday, July 11, 2006 7:36 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: [ISAServer] DMZ to SQL > > > > Hi Amy, > > > > Do you have a route or NAT relationship between the Web > server and the > > SQL server? > > > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > > > Sent: Tuesday, July 11, 2006 6:10 PM > > > To: isaserver@xxxxxxxxxxxxxxx > > > Subject: [ISAServer] DMZ to SQL > > > > > > I'm stumped. Working with a client to setup a DMZ for a > web server. > > > Sounds easy enough. The web server (in the DMZ) needs to talk > > > to an SQL > > > server on the Internal network. The web server can > > > communicate DNS, ICMP > > > and any domain communications protocols that I throw at it. > > > It can even > > > ping the SQL server and the SQL server can ping it. > > > > > > But SQL Server protocol port 1433 blows right by my DMZ > > > access rule and > > > gets blocked by the default rule. > > > > > > Is there something special about SQL? This is the first time > > > I've tried > > > to give access from DMZ to an SQL server. > > > > > > Thanks, > > > > > > Amy > > > --- > > > To subscribe to the list - send an email to list@xxxxxxxxxxxxxxx > > > In the subject line put in JOIN isaserver@xxxxxxxxxxxxxxx, > > > youremailaddress > > > > > > To leave the list - send an email to list@xxxxxxxxxxxxxxx > > > In the subject line put in LEAVE isaserver@xxxxxxxxxxxxxxx, > > > youremailaddress > > > > > > Don't forget the comma! > > > > > > > > > > > > > >