
Issue

ray_stone
Level 1

Hi, we have made an access rule to access the Inside machines from the DMZ machines using the IP protocol, and after checking, all machines in the DMZ and Inside zones can communicate with each other. But there is an issue with the IIS application, which is configured in the DMZ zone while the DB machine is configured in the Inside zone. On the other hand, if we put the DB machine in the same DMZ zone, the app works fine. Is it a configuration issue, or is something wrong that is blocking the data between the DB and app machines? Thanks.

4 Replies 4

JORGE RODRIGUEZ
Level 10

What do the ASA logs indicate when you have the DB in inside? You should be able to see something in the logs when IIS tries to write to the DB inside. One would assume that by allowing IP all is allowed; well, that's not the case. You may need to explicitly allow SQL TCP port 1433 from DMZ to inside where the DB is located. Have you tried that?

-Jorge

Jorge Rodriguez
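The log check suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that summarizes ACL denies (syslog message 106023) from the DMZ interface to the inside interface by protocol and destination port. The interface names `dmz` and `inside`, the ACL name, the addresses and the sample lines are all constructed assumptions and do not describe the poster's firewall.

```python
import re
from collections import Counter

# Constructed sample lines in the ASA syslog 106023 (ACL deny) format.
# Interface names, addresses, ports and ACL names are made up for illustration.
SAMPLE_LOG = """\
Mar 03 10:15:01 asa %ASA-4-106023: Deny udp src dmz:172.16.1.10/52011 dst inside:192.168.1.20/1434 by access-group "dmz_access_in" [0x0, 0x0]
Mar 03 10:15:02 asa %ASA-4-106023: Deny tcp src dmz:172.16.1.10/49733 dst inside:192.168.1.20/49172 by access-group "dmz_access_in" [0x0, 0x0]
Mar 03 10:15:02 asa %ASA-6-302013: Built inbound TCP connection 1201 for dmz:172.16.1.10/49734 (172.16.1.10/49734) to inside:192.168.1.20/1433 (192.168.1.20/1433)
Mar 03 10:15:05 asa %ASA-4-106023: Deny tcp src dmz:172.16.1.10/49735 dst inside:192.168.1.20/49172 by access-group "dmz_access_in" [0x0, 0x0]
Mar 03 10:15:09 asa %ASA-4-106023: Deny tcp src outside:203.0.113.7/40000 dst dmz:172.16.1.10/3389 by access-group "outside_access_in" [0x0, 0x0]
"""

# Ports are optional so that ICMP denies (which carry no port) still match.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))?'
    r'.*? dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?'
    r'.*? by access-group "(?P<acl>[^"]+)"'
)

def denied_flows(log_text, src_if="dmz", dst_if="inside"):
    """Count ACL denies from src_if to dst_if, keyed by
    (protocol, destination IP, destination port, ACL name)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m["src_if"] != src_if or m["dst_if"] != dst_if:
            continue  # not a 106023 deny, or a different interface pair
        port = int(m["dst_port"]) if m["dst_port"] else None
        counts[(m["proto"], m["dst_ip"], port, m["acl"])] += 1
    return counts

if __name__ == "__main__":
    for (proto, ip, port, acl), n in denied_flows(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {proto:4s} -> {ip}:{port}  (ACL {acl})")
```

Run against logs captured while the application is failing, the summary shows which destination ports, if any, the DMZ access list is dropping besides the one already tested by hand.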

Yes, I have tried the Telnet command to access port 1433 from the DMZ machines to the Inside DB machine, and it is accessible. Thanks.

OK, so telnet proves TCP 1433 is good from IIS to the SQL DB inside, but you are still not telling us what exactly the problem is on the IIS server. What error messages are being generated on the IIS and/or DB? Are you NATing between the DMZ and the SQL DB? Any error messages you can provide will help in understanding the problem.

Jorge Rodriguez

Well, we are not receiving any error. When we try to access the application from the outside interface it shows a blank page, and after putting the DB into the DMZ zone the app works fine from the outside network. Thanks
