DMZ configuration

Unanswered Question
Mar 20th, 2007
User Badges:

I would like to find out on what is the best practice on setting up Windows Media Server on DMZ. I am trying to setup a WMS server on the DMZ and would like this DMZ server to communicate with my SQL server on my internal network. Below is my configuration.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
acomiskey Wed, 03/21/2007 - 06:14
User Badges:
  • Green, 3000 points or more

Whats wrong with it? Looks ok to me.

nocret808 Wed, 03/21/2007 - 07:00
User Badges:

the DMZ server cant get to my SQL server on my internal network. the other thing im concern is, is this a best practice in allowing DMZ traffic to my internal network? i just want to get some idea.

thanks

suschoud Wed, 03/21/2007 - 07:00
User Badges:
  • Gold, 750 points or more

yeah.the configuration is absolutely fine.

and you have followed the best practices. :)


static is there for the translation purpose between the inside and dmz.


on the dmz interface,there's an access-list which permits the sql data to inside,then there's a deny which denies the rest of the traffic to inside and then there's a permit ip any any for internet access in dmz.


good approach.

let us know if there's any specific question/issue/concern that you might have


Regards,

Sushil

Cisco TAC.

suschoud Wed, 03/21/2007 - 07:02
User Badges:
  • Gold, 750 points or more

hi,


could you please attach the syslogs generated while you attempt to connect to the sql server in inside.


the config. is ok.


Regards,

Sushil

Cisco TAC.

nocret808 Thu, 04/12/2007 - 16:53
User Badges:

Thanks. The question that was raised was: by allowing communication from dmz to the sql server, someone can potentially break or hack into my inside network via the dmz. What they also want to do is to have this DMZ server have Internet capability for Windows patching. i am not sure if im in favor in doing this. please advise.

Actions

This Discussion