Cisco Support Community

New Member

Allow SQL traffic from dmz host to internal SQL server

I have a webserver (192.168.10.2) on a DMZ network off of an ASA 5510 7.1(2). It needs to communicate with an MSSQL server (10.10.4.48) on the internal network. What ports, if any, other than tcp 1433 do I need to allow this to happen? I have tried tcp 1433 both ways and the webserver is still not able to access the SQL database on the internal network.

4 REPLIES
New Member

Re: Allow SQL traffic from dmz host to internal SQL server

Is there any communication at all?

You may be missing a static (inside,DMZ) statement.

Gold

Re: Allow SQL traffic from dmz host to internal SQL server

For PIX low-security to high-security traffic, it must meet two requirements:

1. acl permitted static command configured

2. static command configured

It seems you have already permitted communication with an ACL.

You need the following static command; it's so-called identity NAT:

static (inside,dmz) 10.10.4.48 10.10.4.48 netmask 255.255.255.255

M.

Hope that helps; rate if it does.

New Member

Re: Allow SQL traffic from dmz host to internal SQL server

I already have the static map configured. My internal subnet mask is a /23 and my DMZ is a /24. My static map is:

static (Inside,DMZ) 10.10.4.0 10.10.4.0 netmask 255.255.254.0

I have an ACL: access-list INSIDE extended permit tcp host 192.168.10.2 host 10.10.4.48 eq 1433. Is there something I am missing? For testing purposes I would like to be able to 'ping' 10.10.4.48 from 192.168.10.2 as well.

New Member

Re: Allow SQL traffic from dmz host to internal SQL server

Is access-list INSIDE applied to DMZ interface?

access-group INSIDE in interface DMZ

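An added example, not written by any poster in this thread: a small Python check that runs the configuration lines quoted above against the three pieces the replies name (a static covering the server, an ACL permitting the flow, and an access-group binding that ACL inbound on the DMZ interface). The function name, the default interface names and the case-insensitive interface comparison are assumptions, and only the host-to-host `eq <port>` ACL form from the thread is parsed.

```python
import ipaddress
import re

# Constructed sample: the two config lines the original poster quoted.
POSTED = """\
static (Inside,DMZ) 10.10.4.0 10.10.4.0 netmask 255.255.254.0
access-list INSIDE extended permit tcp host 192.168.10.2 host 10.10.4.48 eq 1433
"""


def missing_pieces(config, src, dst, port, low_if="DMZ", high_if="Inside"):
    """Return which pieces a low-to-high TCP flow still lacks (7.x-style config)."""
    missing = []
    target = ipaddress.ip_address(dst)

    # static (real_if,mapped_if) mapped_ip real_ip netmask mask
    statics = re.findall(
        r"^static \((\S+?),(\S+?)\) (\S+) \S+ netmask (\d+\.\d+\.\d+\.\d+)",
        config, re.M)
    covered = any(
        real_if.lower() == high_if.lower()
        and mapped_if.lower() == low_if.lower()
        and target in ipaddress.ip_network(f"{mapped}/{mask}", strict=False)
        for real_if, mapped_if, mapped, mask in statics)
    if not covered:
        missing.append("static")

    # ACL entries that permit exactly this host-to-host TCP flow.
    acl_re = (rf"^access-list (\S+) extended permit tcp host {re.escape(src)} "
              rf"host {re.escape(dst)} eq {port}\s*$")
    permitting = set(re.findall(acl_re, config, re.M))
    if not permitting:
        missing.append("access-list")

    # The ACL has no effect until it is bound inbound on the low-security interface.
    groups = re.findall(r"^access-group (\S+) in interface (\S+)", config, re.M)
    bound = {name for name, ifc in groups if ifc.lower() == low_if.lower()}
    if not permitting & bound:
        missing.append("access-group")
    return missing


if __name__ == "__main__":
    print(missing_pieces(POSTED, "192.168.10.2", "10.10.4.48", 1433))
```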