Cisco Support Community
New Member

inter DMZ Communication Confusion

I have a database on one server with a DMZ address and it will not communicate with another web server on the DMZ that has an outside IP translated to a DMZ address. It has internet access and I can navigate the internet fine, but any server on the DMZ seems to be off limits. I need the db server to be able to email me via the web server on back-up completion and verification. Any ideas would be greatly appreciated.

11 REPLIES

Re: inter DMZ Communication Confusion

What are the security levels on the DMZ interfaces? Remember to go from a lower one to a higher one, you need a static. You should also implement an ACL to control access.

HTH and please rate

New Member

Re: inter DMZ Communication Confusion

Both servers are on the same DMZ interface. I have tried to place a hairpin on it both ways: permit 10.1.10.0 255.255.255.0 10.1.10.0 255.255.255.0. No go on dmz in, dmz out access-lists. Thanks for the help.

Re: inter DMZ Communication Confusion

If both servers are in the same DMZ, they should be able to communicate. Can they ping each other?

Hall of Fame Super Blue

Re: inter DMZ Communication Confusion

Oops - looks like you beat me to it :-)

Hall of Fame Super Blue

Re: inter DMZ Communication Confusion

Hi

If both servers are on the same DMZ then it is unlikely to be the firewall.

What type of switch are you using for the DMZ network?

Did you configure the switch or did you inherit it?

If both servers are within the same subnet then when the db server wants to talk to the web server it will not go via the firewall DMZ interface, they should be switched at layer2.

Jon

New Member

Re: inter DMZ Communication Confusion

The switch is an HP ProCurve purchased new last year. Sorry, cannot recall the model off the top of my head. Both servers are in an IBM blade center, which is connected to the HP ProCurve. One other note: of course the web server has a translated live IP and the db server does not. It just has a DMZ address. Thanks for the feedback.

Hall of Fame Super Blue

Re: inter DMZ Communication Confusion

Hi

Can both the servers ping the default gateway? When you say the web server has a translated address that's fine, but presumably the address configured on the NIC for the web server is out of the same subnet as the database server?

Jon

New Member

Re: inter DMZ Communication Confusion

Does the IBM blade enclosure have a switch built in? Are there any VLANs configured on the blade enclosure? You might have a mismatch of VLAN information.

Can both servers ping each other?

New Member

Re: inter DMZ Communication Confusion

I have not tried to ping the default gateway. I'll try that today when I get to the office. They can ping each other but only using the DMZ address. If I try to ping from the DB to the Web server via the live IP, no go. I'll do some more testing today and let everyone know. Thanks again for the ideas.

Hall of Fame Super Blue

Re: inter DMZ Communication Confusion

Hi

Little confused now.

Do you need to ping the public IP address of the web server from the db server? I thought the original problem was that the db server couldn't communicate with the web server.

Seems they can talk to each other on their private IP addresses. Is there a requirement for the db server to talk to the web server but only on its public IP address?

Jon

New Member

Re: inter DMZ Communication Confusion

Does your DB server talk to your web server using its DNS name? If so, your DNS should be configured to return the private IP address of the web server for internal machines and only respond with the public IP for anyone connecting from outside your network.
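
Added example, not part of any reply in this thread: a small Python check of the forwarding decision the replies describe, showing which destinations the db server reaches directly at layer 2 and which are sent to the firewall and depend on hairpinning or on internal DNS returning the private address. Only the 10.1.10.0/24 subnet comes from the thread; the host, gateway and public addresses, the names and the functions `classify` and `audit_dns` are constructed for illustration.

```python
import ipaddress

# Constructed sample values; only the 10.1.10.0/24 subnet comes from the thread.
DMZ_NET = ipaddress.ip_network("10.1.10.0/24")
DB_SERVER = ipaddress.ip_address("10.1.10.20")
GATEWAY = ipaddress.ip_address("10.1.10.1")  # firewall DMZ interface (assumed)
# Static translations on the firewall: public address -> real DMZ address.
STATIC_NAT = {ipaddress.ip_address("203.0.113.30"): ipaddress.ip_address("10.1.10.30")}


def classify(src, net, gateway, dst, static_nat):
    """Return how a packet from src to dst leaves the host and what that implies."""
    dst = ipaddress.ip_address(dst)
    if src not in net:
        raise ValueError(f"{src} is not in {net}")
    if dst in net:
        # On-link: the host ARPs for dst and the switch delivers the frame.
        return {"next_hop": str(dst), "via_firewall": False, "hairpin": False,
                "advice": "switched at layer 2; check VLANs/switch if it fails"}
    # Off-link: the host hands the packet to its default gateway (the firewall).
    real = static_nat.get(dst)
    hairpin = real is not None and real in net
    advice = (f"public address of {real}; firewall must turn traffic around "
              f"on the same interface, or DNS should return {real} internally"
              if hairpin else "normal routed traffic through the firewall")
    return {"next_hop": str(gateway), "via_firewall": True, "hairpin": hairpin,
            "advice": advice}


def audit_dns(answers, src=DB_SERVER, net=DMZ_NET, gateway=GATEWAY,
              static_nat=STATIC_NAT):
    """answers: name -> address the internal resolver returns for that name."""
    return {name: classify(src, net, gateway, addr, static_nat)
            for name, addr in answers.items()}


if __name__ == "__main__":
    # Constructed resolver answers as seen from the db server.
    sample = {"web.example.com": "203.0.113.30",
              "web.dmz.example.com": "10.1.10.30"}
    for name, result in audit_dns(sample).items():
        print(name, result)
```
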
