limit access from DMZ to inside Database

I am about to build a web server and place the server on our DMZ. My question is, I'm going to be creating a Client Access Express ODBC connection to our AS/400 server on the inside (private). Is there a way I can secure this to allow only ODBC requests to our inside server? What are my options and what are the security risks?

Thanks for any input!!

3 REPLIES
Re: limit access from DMZ to inside Database

Remember that you can control the flow of traffic in both directions. So specify the two devices explicitly in any access-list or static NAT config, with the designated port/service specified.

To garner the most out of the configuration, consideration for bi-directional traffic is key.

Re: limit access from DMZ to inside Database

I was going to enter this. Would this ONLY allow the to access the internal IP 172.17.1.3?

static (inside,dmz) 172.17.1.3 172.17.1.3 netmask 255.255.255.255 0 0

static (dmz,outside) netmask 255.255.255.255 0 0

conduit permit tcp host 172.17.1.3 eq host

Thanks.

Re: limit access from DMZ to inside Database

You can use ACLs and bind statics to certain protocols and ports using:

static (inside,dmz) 172.17.1.3 172.17.1.3 netmask 255.255.255.255 0 0

access-list acl_dmz permit tcp host DMZServerIP host 172.17.1.3 eq IPPort

access-group acl_dmz in interface dmz

In the above case, the ODBC drivers may use native drivers and IP ports to connect to the AS400 (I think DB2 uses TCP 523).
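The replies above give the pieces (a static for the one inside host, an ACL on the dmz interface, and attention to both directions of traffic) but not a complete, consistent configuration, and the port is left as a guess. The fragment below is an added example in PIX 6.3 syntax; it is not taken from any post in this thread. The interface names, the DMZ web server address 192.168.10.5, its public address 203.0.113.10, the inside network 172.17.0.0/16, the ACL names and the syslog host are all assumptions. The port numbers are the TCP ports the IBM Client Access / iSeries Access host servers listen on and which the Client Access ODBC driver needs (449 as-svrmap, 8476 as-signon, 8471 as-database); confirm them against the IBM documentation for your Client Access Express release, and add their SSL counterparts (9476, 9471) if you turn SSL on in the driver. DB2 DRDA on port 446, or port 523, is only relevant if you connect with a DB2 Connect style driver instead of Client Access.

```cisco
! Added example configuration (PIX 6.3 syntax); not from the thread.
! Assumed topology: inside 172.17.0.0/16 (AS/400 at 172.17.1.3),
! dmz 192.168.10.0/24 (web server at 192.168.10.5), web server published
! to the Internet as 203.0.113.10.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

names
name 172.17.1.3 as400
name 192.168.10.5 dmzweb

! Identity (no-translation) static so the dmz interface can reach the
! AS/400 at its real address. Only this one inside host is exposed.
static (inside,dmz) as400 as400 netmask 255.255.255.255 0 0

! Publish the web server on its public address; the outside ACL (not
! shown) should permit only tcp/80 and tcp/443 to 203.0.113.10.
static (dmz,outside) 203.0.113.10 dmzweb netmask 255.255.255.255 0 0

! PAT for inside hosts going to the dmz and to the Internet.
nat (inside) 1 172.17.0.0 255.255.0.0 0 0
global (outside) 1 interface
global (dmz) 1 interface

! dmz -> inside: only the web server, only the AS/400, only the TCP
! ports the IBM Client Access ODBC driver uses:
!   449  as-svrmap   (server port mapper)
!   8476 as-signon   (authentication)
!   8471 as-database (the ODBC/SQL host server)
access-list dmz_in permit tcp host dmzweb host as400 eq 449
access-list dmz_in permit tcp host dmzweb host as400 eq 8476
access-list dmz_in permit tcp host dmzweb host as400 eq 8471
! Anything else from the dmz toward the inside network is dropped and
! logged, so a compromised web server probing 172.17.0.0/16 shows up
! in syslog.
access-list dmz_in deny ip any 172.17.0.0 255.255.0.0 log
! The web server may still initiate toward the Internet (DNS, updates).
access-list dmz_in permit ip host dmzweb any
access-group dmz_in in interface dmz

! inside -> dmz: the stateful firewall already passes replies to the ODBC
! sessions above, so this ACL only covers what inside hosts may initiate
! toward the web server (assumed: SSH administration only).
access-list inside_in permit tcp 172.17.0.0 255.255.0.0 host dmzweb eq 22
access-list inside_in deny ip any host dmzweb log
access-list inside_in permit ip 172.17.0.0 255.255.0.0 any
access-group inside_in in interface inside

! Send the ACL deny messages (106100, informational) to an inside
! syslog host (assumed address).
logging on
logging trap informational
logging host inside 172.17.1.20
```

Two checks after applying this: from the DMZ web server, confirm that an ODBC connection to the AS/400 works and that a telnet to 172.17.1.3 port 23 (or to any other inside host) is refused and appears as a 106100 deny in the syslog; `show access-list dmz_in` on the PIX shows the hit counts per line. The firewall only limits which ports are reachable; whatever the ODBC user profile is allowed to do on the AS/400 is what an attacker who owns the web server can do, so give that profile only the libraries and SQL privileges the application needs and do not reuse an administrative profile.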
