
inter DMZ Communication Confusion

marco.medina
Level 1

I have a database on one server with a DMZ address and it will not communicate with another web server on the DMZ that has an outside IP translated to a DMZ address. It has internet access and I can navigate the internet fine, but any server on the DMZ seems to be off limits. I need the db server to be able to email me via the web server on back-up completion and verification. Any ideas would be greatly appreciated.


Collin Clark
VIP Alumni

What are the security levels on the DMZ interfaces? Remember to go from a lower one to a higher one, you need a static. You should also implement an ACL to control access.

HTH and please rate

Both servers are on the same DMZ interface. I have tried to place a hairpin on it both ways (permit 10.1.10.0 255.255.255.0 10.1.10.0 255.255.255.0), no go on dmz in, dmz out access-lists. Thanks for the help.

If both servers are in the same DMZ, they should be able to communicate. Can they ping each other?

Oops - looks like you beat me to it :-)

Hi

If both servers are on the same DMZ then it is unlikely to be the firewall.

What type of switch are you using for the DMZ network?

Did you configure the switch or did you inherit it?

If both servers are within the same subnet then when the db server wants to talk to the web server it will not go via the firewall DMZ interface, they should be switched at layer2.

Jon

The switch is an HP ProCurve purchased new last year. Sorry, I cannot recall the model off the top of my head. Both servers are in an IBM blade center, which is connected to the HP ProCurve. One other note: of course the web server has a translated live IP and the db server does not. It just has a DMZ address. Thanks for the feedback.

Hi

Can both the servers ping the default gateway? When you say the web server has a translated address, that's fine, but presumably the address configured on the NIC for the web server is out of the same subnet as the database server?

Jon

johnroche_2
Level 1

Does the IBM blade enclosure have a switch built in? Are there any VLANs configured on the blade enclosure? You might have a mismatch of VLAN information.

Can both servers ping each other?

I have not tried to ping the default gateway. I'll try that today when I get to the office. They can ping each other, but only using the DMZ address. If I try to ping from the DB to the web server via the live IP, no go. I'll do some more testing today and let everyone know. Thanks again for the ideas.

Hi

Little confused now.

Do you need to ping the public IP address of the web server from the db server? I thought the original problem was that the db server couldn't communicate with the web server.

Seems they can talk to each other on their private IP addresses. Is there a requirement for the db server to talk to the web server but only on its public IP address?

Jon

Does your DB server talk to your web server using its DNS name? If so, your DNS should be configured to return the private IP address of the web server for internal machines and only respond with the public IP for anyone connecting from outside your network.
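An added example, not posted by anyone in this thread: a check to run on the DB server that shows which address the web server's name resolves to and whether that address is reached by layer-2 switching inside the DMZ or has to go through the firewall's DMZ interface. The subnet comes from the ACL quoted above; the host name and all addresses in the sample data are constructed.

```python
import ipaddress
import socket

# Subnet taken from the ACL quoted in the thread (10.1.10.0 255.255.255.0).
DMZ_NET = ipaddress.ip_network("10.1.10.0/24")

def resolve_ipv4(name):
    """Addresses the local resolver returns for name (what the DB server would use)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def path_for(source_ip, dest_ip, net=DMZ_NET):
    """Say how a packet from source_ip reaches dest_ip.

    'layer2'  : both hosts are in the DMZ subnet, so the switch delivers the
                frame directly and the firewall never sees it.
    'gateway' : the destination is off-subnet, so the packet goes to the
                default gateway (the firewall's DMZ interface) and depends
                on its NAT and ACL rules, including being sent back out of
                the interface it arrived on.
    """
    src = ipaddress.ip_address(source_ip)
    dst = ipaddress.ip_address(dest_ip)
    if src not in net:
        raise ValueError(f"{source_ip} is not in {net}")
    return "layer2" if dst in net else "gateway"

def check_name(source_ip, name, resolver=resolve_ipv4, net=DMZ_NET):
    """Map each resolved address to its path and flag whether split DNS is in effect."""
    paths = {ip: path_for(source_ip, ip, net) for ip in resolver(name)}
    split_dns_ok = bool(paths) and all(p == "layer2" for p in paths.values())
    return {"paths": paths, "split_dns_ok": split_dns_ok}

if __name__ == "__main__":
    # Constructed sample data: hypothetical name, DB server address and public address.
    fake_dns = {"web.example.com": ["203.0.113.10"]}
    report = check_name("10.1.10.20", "web.example.com",
                        resolver=lambda n: fake_dns[n])
    print(report)
```

With the default resolver, `check_name("<DB server address>", "<web server name>")` reports what the DB server really sees; a result of `gateway` means the name still resolves to the translated address.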
