Windows Media Server on DMZ - Need assistance

Unanswered Question
Feb 19th, 2007

Hello - I have a Windows Media Server on my DMZ. What i am trying to do is have the WMS server communicate with my SQL server on my inside network and vice versa and for some reason i can't get to WMS server from the inside. can you please look at my config and tell me what issue i'm having.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Mon, 02/19/2007 - 11:44

static (inside,dmz) 192.168.0.0 172.16.0.0 netmask 255.255.0.0 0 0

should be...

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.0.0 0 0

Jon Marshall Mon, 02/19/2007 - 11:44

Hi

I can't view the visio but from your config i think the problem is the following line:-

static (inside,dmz) 192.168.0.0 172.16.0.0 netmask 255.255.0.0 0 0

What is this line meant to be doing ?

lets say your SQL server was 192.168.0.56 then you would need

static (inside,DMZ) 192.168.0.56 192.168.0.56 netmask 255.255.255.255

This will setup the correct translations for your SQL server to talk to the WMS and vice-versa.

HTH

Jon

npagadua69 Mon, 02/19/2007 - 17:07

will the configuration i have will enable me to ping and perform security updates from my inside network? sorry guys, i a bit new to pix firewall.. any help would be great

Jon Marshall Tue, 02/20/2007 - 02:39

Hi

If you need other servers internally to talk to your DMZ servers go with what the other poster said

static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0

You would still need to allow any traffic initiated from the DMZ to the inside in an access-list.

HTH

Jon

npagadua69 Mon, 02/26/2007 - 11:42

i need to allow traffic from the DMZ to my inside interface so that the server can get MS updates. can you please let me know what im missing with my config?

acomiskey Mon, 02/26/2007 - 13:00

As long as you have changed the static as recommended above, you need to add entries to your access list which is applied in interface dmz, which according to your config is "ping_acl". If you're talking about a WSUS server it would be something like...

access-list ping_acl permit tcp host host eq 80

access-group ping_acl in interface dmz

Actions

This Discussion