I have a database on one server with a DMZ address and it will not communicate with another web server on the DMZ that has an outside IP translated to a DMZ address. It has internet access and I can navigate the internet fine, but any server on the DMZ seems to be off limits. I need to be able for the db server to email me via the web server on back-up completion and verification. Any ideas would be greatly appreciated.
What are the security levels on the DMZ interfaces? Remember to go from a lower one to a higher one, you need a static. You should also implement an ACL to control access.
HTH and please rate
Both servers are on the same DMZ interface. I have tried to place a hairpin on it both ways, permit 10.1.10.0 255.255.255.0 10.1.10.0 255.255.255.0, no go on dmz in dmz out access-lists. Thanks for the help.
If both servers are on the same DMZ then it is unlikely to be the firewall.
What type of switch are you using for the DMZ network?
Did you configure the switch or did you inherit it?
If both servers are within the same subnet then when the db server wants to talk to the web server it will not go via the firewall DMZ interface, they should be switched at layer2.
The switch is an HP ProCurve purchased new last year. Sorry, I cannot recall the model off the top of my head. Both servers are in an IBM blade center, which is connected to the HP ProCurve. One other note: of course the web server has a translated live IP and the db server does not. It just has a DMZ address. Thanks for the feedback.
Can both the servers ping the default gateway? When you say the web server has a translated address that's fine, but presumably the address configured on the NIC for the web server is out of the same subnet as the database server?
Does the IBM blade enclosure have a switch built in? Are there any VLANs configured on the blade enclosure? You might have a mismatch of VLAN information.
Can both servers ping each other?
I have not tried to ping the default gateway. I'll try that today when I get to the office. They can ping each other but only using the DMZ address. If I try to ping from the DB to the web server via the live IP, no go. I'll do some more testing today and let everyone know. Thanks again for the ideas.
Little confused now.
Do you need to ping the public IP address of the web server from the db server? I thought the original problem was that the db server couldn't communicate with the web server.
Seems they can talk to each other on their private IP addresses. Is there a requirement for the db server to talk to the web server but only on its public IP address?
Does your DB server talk to your web server using its DNS name? If so, your DNS should be configured to return the private IP address of the web server for internal machines and only respond with the public IP for anyone connecting from outside your network.
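
The distinction the thread arrives at, as an added example that is not part of any post: a check, run from the db server's point of view, of whether the address a name resolves to is on the local DMZ subnet (switched at layer 2, never seen by the firewall) or off it (sent to the firewall DMZ interface, where it would have to hairpin). The host addresses, the public address 203.0.113.10 and the function names are constructed for illustration; only the 10.1.10.0 255.255.255.0 subnet comes from the thread.

```python
import ipaddress
import socket


def resolve_ipv4(hostname):
    """Return the IPv4 addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def classify_path(src_ip, netmask, dest_addrs):
    """Report how a host at src_ip/netmask reaches each destination.

    "layer2"      -> same subnet: the host ARPs for the destination and the
                     switch delivers the frame; firewall ACLs do not apply.
    "via-gateway" -> off subnet: the packet goes to the default gateway
                     (the firewall DMZ interface) and must hairpin there.
    """
    local_net = ipaddress.ip_interface(f"{src_ip}/{netmask}").network
    paths = {}
    for addr in dest_addrs:
        on_link = ipaddress.ip_address(addr) in local_net
        paths[addr] = "layer2" if on_link else "via-gateway"
    return paths


def dns_needs_fixing(src_ip, netmask, resolved_addrs):
    """True when the name gives the internal host no on-subnet address."""
    if not resolved_addrs:
        raise ValueError("name did not resolve to any IPv4 address")
    paths = classify_path(src_ip, netmask, resolved_addrs)
    return "layer2" not in paths.values()


if __name__ == "__main__":
    # Constructed values: db server, web server NIC address, web server NAT address.
    DB_IP, MASK = "10.1.10.20", "255.255.255.0"
    WEB_PRIVATE, WEB_PUBLIC = "10.1.10.30", "203.0.113.10"
    print(classify_path(DB_IP, MASK, [WEB_PRIVATE, WEB_PUBLIC]))
    # With a real name, feed the resolver's answer in instead:
    #   dns_needs_fixing(DB_IP, MASK, resolve_ipv4("web.example.com"))
    print("internal DNS view needed:", dns_needs_fixing(DB_IP, MASK, [WEB_PUBLIC]))
```
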