Cisco Support Community

Setting up a DMZ

We are setting up a DMZ for the first time. This DMZ will house webpages and a Microsoft Outlook Web Access application, which will allow some of our remote users to access their mail. My questions are:

1. Does ODBC work through a firewall and across subnets?

2. To keep users from accessing the internal network, is the correct practice to set up an ACL on the DMZ port to allow only the necessary traffic?

3. These webpages will need access to a SQL server. Which ports should be opened on the ACL?

This will be running on ASA5510

2 REPLIES

Re: Setting up a DMZ

Hi,

1. Does ODBC work through a firewall and across subnets?

Hard to tell as ODBC is used by many applications, but if you intend to use MS SQL, then I think it can use SQL to allow ODBC to work.

2. To keep users from accessing the internal network, is the correct practice to set up an ACL on the DMZ port to allow only the necessary traffic?

- Normal way of preventing incoming traffic into an interface or segment is to apply ACL on the interface/port where the traffic is coming from. This is because you can only apply one ACL to PIX/ASA interface (router can use 2 ACLs).

3. These webpages will need access to a SQL server. Which ports should be opened on the ACL?

This will be running on ASA5510

Open TCP port 1433-1434 (MS SQL)

http://www.insightdirect.com/docs/router_config/1433.htm

http://www.carlprothman.net/Default.aspx?tabid=90

Rgds,

AK

Re: Setting up a DMZ

1. Should do.

2. Absolutely. Put an ACL on DMZ and only allow the minimum required. In fact, put tight ACLs on all interfaces.

3. TCP 1433, UDP 1434.

Note an ASA runs v7 and therefore you can have ACL inbound or outbound (on v6 it was only inbound), though I always just stick with inbound.
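
A sketch of the inbound DMZ ACL discussed in this thread, as an added example that is not part of either reply. The interface name "dmz", the ACL name DMZ_IN and all addresses are constructed assumptions; it uses TCP 1433, which both replies name, and UDP 1434 from the second reply, which is the SQL Server Browser port and is only needed for named instances.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   192.168.50.10  web / Outlook Web Access server in the DMZ
!   10.1.1.20      SQL server on the inside network
!   10.1.1.0/24    inside network
access-list DMZ_IN remark Web server to SQL Server default instance
access-list DMZ_IN extended permit tcp host 192.168.50.10 host 10.1.1.20 eq 1433
access-list DMZ_IN remark SQL Server Browser lookup, only for named instances
access-list DMZ_IN extended permit udp host 192.168.50.10 host 10.1.1.20 eq 1434
access-list DMZ_IN remark Log and drop any other DMZ-initiated traffic to the inside
access-list DMZ_IN extended deny ip any 10.1.1.0 255.255.255.0 log
! One ACL per interface per direction; applied inbound on the DMZ interface.
! The implicit deny at the end of the ACL drops all other DMZ-initiated traffic.
access-group DMZ_IN in interface dmz
```

Scoping the permits to single hosts rather than the whole DMZ subnet keeps a compromised DMZ host from reaching anything on the inside except the SQL listener.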
