Cisco Support Community

Access from DMZ to inside on ASA

This question has 2 parts.

1. I have a web server in the DMZ. It needs to create an SQL/ODBC connection to a server on the inside. I have created an access list entry (x is dmz, y is inside):

access-list dmz_to_inside extended permit tcp host x.x.x.x host y.y.y.y eq 1433

access-group dmz_to_inside in interface dmz

I have also added a static nat:

static (inside,dmz) y.y.y.y y.y.y.y netmask

However, we can't open ODBC connection to the SQL server.

2. Also, this web server needs to be able to browse a folder on a file server that is on the inside. This web server is not a member of the domain. Can anyone assist me with access list entries to allow this short of "permit ip any any"?



Re: Access from DMZ to inside on ASA

Your NAT and ACL look OK. What do your logs say when you try and access the SQL server? Do you have the DMZ subnet in your internal routing?
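Added example, not part of the original thread: a Python triage of ASA syslog output for the "what do your logs say" question in the reply above. It separates an ACL drop, a missing translation, and a connection that was permitted but never answered. The log lines and addresses are constructed, and the names `diagnose`, `FLOW` and `RULES` are hypothetical; 106023, 305005, 302013 and 302014 are standard ASA syslog message IDs.

```python
import re

# Constructed ASA syslog lines (documentation addresses), one per failure mode.
# Port 445 is SMB, i.e. a file-share attempt the single 1433 permit does not cover.
SAMPLE_LOGS = """\
%ASA-4-106023: Deny tcp src dmz:192.0.2.10/1045 dst inside:198.51.100.20/445 by access-group "dmz_to_inside" [0x0, 0x0]
%ASA-3-305005: No translation group found for tcp src dmz:192.0.2.10/1046 dst inside:198.51.100.21/1433
%ASA-6-302013: Built inbound TCP connection 7001 for dmz:192.0.2.10/1047 (192.0.2.10/1047) to inside:198.51.100.20/1433 (198.51.100.20/1433)
%ASA-6-302014: Teardown TCP connection 7001 for dmz:192.0.2.10/1047 to inside:198.51.100.20/1433 duration 0:00:30 bytes 0 SYN Timeout
"""

# Source and destination as interface:ip/port, joined by " dst " or " to ".
FLOW = re.compile(
    r"(?P<sif>[\w-]+):(?P<sip>[\d.]+)/(?P<sport>\d+).*? (?:dst|to) "
    r"(?P<dif>[\w-]+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

# (message ID, required substring or None, verdict): hypothetical rule table.
RULES = [
    ("106023", None, "acl-deny"),           # dropped by the interface ACL
    ("305005", None, "nat-missing"),        # no translation for the destination
    ("302014", "SYN Timeout", "no-reply"),  # permitted, handshake never completed
]


def diagnose(log_text, src_ip):
    """Return (verdict, dst_ip, dst_port) for each failure logged for src_ip."""
    findings = []
    for line in log_text.splitlines():
        msg = re.search(r"%ASA-\d-(\d{6}):", line)
        flow = FLOW.search(line)
        if not msg or not flow or flow["sip"] != src_ip:
            continue
        for msg_id, needle, verdict in RULES:
            if msg.group(1) == msg_id and (needle is None or needle in line):
                findings.append((verdict, flow["dip"], int(flow["dport"])))
    return findings


if __name__ == "__main__":
    for verdict, dip, dport in diagnose(SAMPLE_LOGS, "192.0.2.10"):
        print(f"{verdict:12} {dip}:{dport}")
```

A `no-reply` result with no `acl-deny` or `nat-missing` for the same flow means the firewall passed the SYN, so the next things to check are the inside network's route back to the DMZ subnet and the server itself.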
