Cisco Support Community
New Member

Question about Web Server(DMZ) access to DB Server(Inside)

Dear all,

I put the Web server and Mail server in the DMZ and the DB server on the inside. There is one DNS for outside and one DNS for inside. Mail and Web services have no problem from inside to outside or from outside to inside, but the Web server can't access the inside DB server.

My Pix : 515R v5.31

Web Server : 10.1.1.1

DMZ Interface : 10.1.1.11

DB Server : 172.16.1.1

DB Server gateway : 172.16.1.11

Inside Interface : 172.16.1.11

My configuration is as follows:

static (inside,dmz) 10.1.1.2 172.16.1.11 netmask 255.255.255.255

access-list dmz permit tcp any any

access-list dmz permit ip any any

access-list dmz permit icmp any any

access-group dmz in interface dmz

I opened all security between dmz and inside, but it did not help with access to the DB server. Would some experts help me solve this problem? Did I miss something?

Best Regards,

2 REPLIES
New Member

Re: Question about Web Server(DMZ) access to DB Server(Inside)

The static translation should be between 10.1.1.2 and 172.16.1.1 (not .11). This assumes that 10.1.1.2 is the IP address used by the web server to communicate with the DB server.

You should be much more specific with your access list, but I assume that you opened it up completely for troubleshooting purposes.

I hope this helps.
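
The two points in the reply above (a static whose real address is the firewall's inside interface rather than the DB server, and an access list left wide open) can be checked mechanically. The following is an added example, not part of the original thread or any Cisco tool; the `audit` function, the regular expressions, and port 1521 in the corrected sample are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: the configuration and addresses quoted in the question.
CONFIG = """\
static (inside,dmz) 10.1.1.2 172.16.1.11 netmask 255.255.255.255
access-list dmz permit tcp any any
access-list dmz permit ip any any
access-list dmz permit icmp any any
access-group dmz in interface dmz
"""
# Corrected form following the reply. Port 1521 is an assumed placeholder;
# the thread never states which port the DB server listens on.
FIXED = """\
static (inside,dmz) 10.1.1.2 172.16.1.1 netmask 255.255.255.255
access-list dmz permit tcp host 10.1.1.1 host 10.1.1.2 eq 1521
access-group dmz in interface dmz
"""
INTERFACES = {"inside": "172.16.1.11", "dmz": "10.1.1.11"}  # firewall's own IPs

# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \(\w+,\w+\) \S+ (\S+) netmask \S+$")
# access-list name permit protocol <source and destination spec>
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) (.+)$")


def audit(config, interfaces):
    """Return (line_number, finding) tuples for the two issues in the reply."""
    fw_ips = {ipaddress.ip_address(ip): name for name, ip in interfaces.items()}
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        line = line.strip()
        m = STATIC_RE.match(line)
        if m:
            real = ipaddress.ip_address(m.group(1))
            # The real address must be the protected host, not the firewall.
            if real in fw_ips:
                findings.append((n, f"static real address {real} is the "
                                    f"{fw_ips[real]} interface, not a host"))
            continue
        m = ACL_RE.match(line)
        # Source "any" and destination "any" with no port restriction.
        if m and m.group(3).split() == ["any", "any"]:
            findings.append((n, f"access-list {m.group(1)} permits "
                                f"{m.group(2)} any any"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(CONFIG, INTERFACES):
        print(f"line {lineno}: {finding}")
```
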

New Member

Re: Question about Web Server(DMZ) access to DB Server(Inside)

static (inside,dmz) 172.16.1.0 172.16.1.0 netmask 255.255.255.0

Try something like the above.

This prevents translation from inside network when sending packets to the DMZ.
