12-21-2007 08:04 AM - edited 03-12-2019 05:54 PM
Hi,
I have a problem with a SQL Connection which is going out of the network to a server hosting the service on the internet.
I have a setup an incoming rule on the inside interface. Details below:
Client Private IP > Public IP SQL Server port 1433.
The connection though is not sucessful.
Anyone come across this on an ASA.
Thanks
Kev
12-21-2007 12:49 PM
I would try doing some basic troubleshooting like pinging the server, and trying to establish a manual connectino on that port (telnet x.x.x.x 1433).
Also enable debug level logging on your ASA and look for the syslogs. Make note of the connection being created and torn down, and make sure there are no XLate or ACL errors.
Lastly, you can set up a capture on the outside interface to verify that your packets are being sent out that interface and you can see what, if any packets are being returned from the end host.
Good luck!
12-28-2007 01:08 AM
Hi,
I did a packet trace from the GUI and it said it was allowed through can it be relied on?
Cbeers
Kev
12-28-2007 06:48 AM
do you have this in your config:
nat (inside) 1 0 0
global (outside) 1 interface
access-list test permit ip any any log
access-group test in interface inside
As a test, try the following:
nat (inside) 1 0 0
global (outside) 1 interface
access-list test permit ip any any log
access-group test in interface inside
access-group test in interface outside
CCIE Security
12-28-2007 08:54 AM
does the remote end filter by IP source for TCP 1433? is the remote SQL server listening on a non-standard SQL port?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide