Problem with SQL Connection through an ASA

kevinhobson2000 · ‎12-21-2007

Hi,

I have a problem with a SQL Connection which is going out of the network to a server hosting the service on the internet.

I have a setup an incoming rule on the inside interface. Details below:

Client Private IP > Public IP SQL Server port 1433.

The connection though is not sucessful.

Anyone come across this on an ASA.

Thanks

Kev

davemit · ‎12-21-2007

I would try doing some basic troubleshooting like pinging the server, and trying to establish a manual connectino on that port (telnet x.x.x.x 1433).

Also enable debug level logging on your ASA and look for the syslogs. Make note of the connection being created and torn down, and make sure there are no XLate or ACL errors.

Lastly, you can set up a capture on the outside interface to verify that your packets are being sent out that interface and you can see what, if any packets are being returned from the end host.

Good luck!

kevinhobson2000 · ‎12-28-2007

Hi,

I did a packet trace from the GUI and it said it was allowed through can it be relied on?

Cbeers

Kev

cisco24x7 · ‎12-28-2007

do you have this in your config:

nat (inside) 1 0 0

global (outside) 1 interface

access-list test permit ip any any log

access-group test in interface inside

As a test, try the following:

nat (inside) 1 0 0

global (outside) 1 interface

access-list test permit ip any any log

access-group test in interface inside

access-group test in interface outside

CCIE Security

palomoj · ‎12-28-2007

does the remote end filter by IP source for TCP 1433? is the remote SQL server listening on a non-standard SQL port?