Access from DMZ to inside on ASA

Unanswered Question

This question has 2 parts.

1. I have a web server in the DMZ. It needs to create an SQL/ODBC connection to a server on the inside. I have created an access list entry (x is dmz, y is inside):

access-list dmz_to_inside extended permit tcp host x.x.x.x host y.y.y.y eq 1433

access-group dmz_to_inside in interface dmz

I have also added a static nat:

static (inside,dmz) y.y.y.y y.y.y.y netmask

However, we can't open ODBC connection to the SQL server.

2. Also, this web server needs to be able to browse a folder on a file server that is on the inside. This web server is not a member of the domain. Can anyone assist me with access list entries to allow this short of "permit ip any any"?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Thu, 12/11/2008 - 09:51

Your NAT and ACL look OK. What do your logs say when you try and access the the SQL server? Do you have the DMZ subnet in your internal routing?


This Discussion