
Question about Web Server (DMZ) access to DB Server (Inside)

daviswu
Level 1

Dear all,

I put the Web server and Mail server in the DMZ and the DB server on the inside, with one DNS for outside and one DNS for inside. Mail and Web service have no problems from inside to outside or outside to inside, but the Web server can't access the inside DB server.

My Pix : 515R v5.31

Web Server : 10.1.1.1

DMZ Interface : 10.1.1.11

DB Server : 172.16.1.1

DB Server gateway : 172.16.1.11

Inside Interface : 172.16.1.11

My setup configuration as the following:

static (inside,dmz) 10.1.1.2 172.16.1.11 netmask 255.255.255.255

access-list dmz permit tcp any any

access-list dmz permit ip any any

access-list dmz permit icmp any any

access-group dmz in interface dmz

I opened all security between dmz and inside, but it did not help with access to the DB server. Could some expert help me solve this problem? Did I miss something?

Best regards,

2 Replies

rrbleeker
Level 1

The static translation should be between 10.1.1.2 and 172.16.1.1 (not .11). This assumes that 10.1.1.2 is the IP address used by the web server to communicate with the DB server.

You should be much more specific with your access list, but I assume that you opened it up completely for troubleshooting purposes.

I hope this helps.
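
An added example, not part of the original thread: a small Python check that reads the configuration lines from the question and reports the two issues raised in the reply above (a host static whose real address is the firewall's own interface, and fully open access-list entries). The `audit` function and the constant names are hypothetical; the addresses are the ones given in the question.

```python
import re

# Constructed input: the configuration lines posted in the question.
QUESTION_CONFIG = """\
static (inside,dmz) 10.1.1.2 172.16.1.11 netmask 255.255.255.255
access-list dmz permit tcp any any
access-list dmz permit ip any any
access-list dmz permit icmp any any
access-group dmz in interface dmz
"""

# The PIX's own interface addresses, as given in the question.
INTERFACE_IPS = {"inside": "172.16.1.11", "dmz": "10.1.1.11"}

# static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)")
# Only the fully open form "permit <proto> any any" is matched here.
OPEN_ACL_RE = re.compile(r"access-list (\S+) permit (\S+) any any")


def audit(config, interface_ips):
    """Return (line_number, finding) tuples for a PIX config excerpt."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        line = " ".join(raw.split())  # normalise whitespace
        static = STATIC_RE.fullmatch(line)
        if static:
            real_if, mapped_if, mapped_ip, real_ip, mask = static.groups()
            # A host static must point at a server behind real_if; if it points
            # at the firewall's own interface, the server is never reached.
            if mask == "255.255.255.255" and real_ip == interface_ips.get(real_if):
                findings.append((number, f"static maps {mapped_ip} to the "
                                 f"{real_if} interface address {real_ip}"))
            continue
        acl = OPEN_ACL_RE.fullmatch(line)
        if acl:
            name, proto = acl.groups()
            findings.append((number, f"access-list {name} permits {proto} "
                             "from any to any"))
    return findings


if __name__ == "__main__":
    for number, finding in audit(QUESTION_CONFIG, INTERFACE_IPS):
        print(f"line {number}: {finding}")
```
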

mbettis
Level 1

static (inside,dmz) 172.16.1.0 172.16.1.0 netmask 255.255.255.0

Try something like the above.

This prevents translation from the inside network when sending packets to the DMZ.
