
Access from DMZ to inside on ASA

f00f1ter
Level 1

This question has 2 parts.

1. I have a web server in the DMZ. It needs to create an SQL/ODBC connection to a server on the inside. I have created an access list entry (x is dmz, y is inside):

access-list dmz_to_inside extended permit tcp host x.x.x.x host y.y.y.y eq 1433

access-group dmz_to_inside in interface dmz

I have also added a static nat:

static (inside,dmz) y.y.y.y y.y.y.y netmask 255.255.255.255

However, we can't open ODBC connection to the SQL server.

2. Also, this web server needs to be able to browse a folder on a file server that is on the inside. This web server is not a member of the domain. Can anyone assist me with access list entries to allow this short of "permit ip any any"?

TIA

1 Reply

Collin Clark
VIP Alumni

Your NAT and ACL look OK. What do your logs say when you try to access the SQL server? Do you have the DMZ subnet in your internal routing?
