11-28-2006 06:46 AM - edited 03-11-2019 02:01 AM
I have a webserver (192.168.10.2) on a DMZ network off of an ASA 5510 7.1(2). It needs to communicate with an MSSQL server (10.10.4.48) on the internal network. What ports, if any, other than tcp 1433 do I need to allow this to happen? I have tried tcp 1433 both ways and the webserver is still not able to access the SQL database on the internal network.
11-28-2006 07:17 AM
Is there any communication at all?
You may be missing a static (inside,DMZ) statement.
11-28-2006 07:22 AM
For PIX low-security to high-security traffic, it must meet two requirements:
1. acl permitted static command configured
2. static command configured
It seems you have already permitted communication with the ACL.
You need the following static command; it's so-called identity NAT:
static (inside,dmz) 10.10.4.48 10.10.4.48 netmask 255.255.255.255
M.
Hope that helps; rate if it does.
11-28-2006 07:34 AM
I already have the static map configured. My internal subnet mask is a /23 and my DMZ is a /24. My static map is:
static (Inside,DMZ) 10.10.4.0 10.10.4.0 netmask 255.255.254.0.
I have an ACL access-list INSIDE extended permit tcp host 192.168.10.2 host 10.10.4.48 eq 1433. Is there something I am missing? For testing purposes I would like to be able to 'ping' 10.10.4.48 from 192.168.10.2 as well.
11-28-2006 10:31 AM
Is access-list INSIDE applied to the DMZ interface?
access-group INSIDE in interface DMZ
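
The three pieces the replies ask about (a static covering the SQL server, an ACL entry permitting the flow, and an access-group binding that ACL inbound on the DMZ interface) can be checked together against a saved configuration. This is an added example, not code from any poster or from Cisco; `check_dmz_to_inside` is a hypothetical helper that only understands the command forms quoted in this thread and assumes interface names compare case-insensitively.

```python
import ipaddress
import re

# Constructed sample built from the commands quoted in the thread.
SAMPLE_CONFIG = """\
static (Inside,DMZ) 10.10.4.0 10.10.4.0 netmask 255.255.254.0
access-list INSIDE extended permit tcp host 192.168.10.2 host 10.10.4.48 eq 1433
access-group INSIDE in interface DMZ
"""

STATIC_RE = re.compile(r"static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)$", re.I)
ACL_RE = re.compile(
    r"access-list (\S+) extended permit tcp host (\S+) host (\S+) eq (\d+)$", re.I)
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)$", re.I)


def check_dmz_to_inside(config, src, dst, port, real_if="inside", mapped_if="dmz"):
    """Return the missing pieces for src (DMZ) -> dst (inside) on tcp/port."""
    dst_ip = ipaddress.ip_address(dst)
    has_static = False
    permitting, bound = set(), set()
    for line in (raw.strip() for raw in config.splitlines()):
        m = STATIC_RE.match(line)
        if m and (m.group(1).lower(), m.group(2).lower()) == (real_if, mapped_if):
            net = ipaddress.ip_network(f"{m.group(3)}/{m.group(5)}", strict=False)
            # Identity NAT: mapped and real addresses are the same.
            if m.group(3) == m.group(4) and dst_ip in net:
                has_static = True
        m = ACL_RE.match(line)
        if m and (m.group(2), m.group(3), int(m.group(4))) == (src, dst, port):
            permitting.add(m.group(1))
        m = GROUP_RE.match(line)
        if m and m.group(2).lower() == mapped_if:
            bound.add(m.group(1))
    missing = []
    if not has_static:
        missing.append("static")
    if not permitting:
        missing.append("access-list")
    if not (permitting & bound):
        # The ACL exists but filters nothing until bound to the DMZ interface.
        missing.append("access-group")
    return missing


if __name__ == "__main__":
    print(check_dmz_to_inside(SAMPLE_CONFIG, "192.168.10.2", "10.10.4.48", 1433))
```

An empty list means all three pieces are present for that flow; it says nothing about ICMP, which would need its own ACL entry.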