Welcome to ISAserver.org


SQL DMZ

SQL DMZ - 15.May2001 6:56:00 PM   
marcush

 

Posts: 10
Joined: 15.Mar.2001
From: sweden
Status: offline
Hi,

I have a three-homed setup.

On my internal network I have an SQL server with a private range IP.
On the perimeter network I have a WWW server with a public IP that will make queries to the SQL server in my internal network. Is that possible, and how do I do it?

Thanx in advance
Marcus

------------------

Post #: 1
RE: SQL DMZ - 16.May2001 1:28:00 PM   
bobajob

 

Posts: 12
Joined: 28.Mar.2001
From: London
Status: offline
Hi,

You need to set up a protocol def for port 1433 outbound from your local network (configured as a SecureNAT client). Then you need to set up the MTS transactions. This is a bit tricky; see q250367, which explains how to restrict the port ranges for RPC and the DTS connections.

Let me know how you get on

Cheers

BOB



(in reply to marcush)
Post #: 2
RE: SQL DMZ - 17.May2001 4:34:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Marcus,

There are two ways to do this:

1. Publish the SQL server ports required for the transaction with the Web Server

2. Better, create a VPN connection between the web server and the SQL server.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/




(in reply to marcush)
Post #: 3
RE: SQL DMZ - 22.May2001 1:13:00 PM   
bobajob

 

Posts: 12
Joined: 28.Mar.2001
From: London
Status: offline
quote:
Originally posted by tshinder:
Hi Marcus,

There are two ways to do this:

1. Publish the SQL server ports required for the transaction with the Web Server

2. Better, create a VPN connection between the web server and the SQL server.

HTH,
Tom


Hi,

Tom

How would you create the VPN between the web server and the SQL server?

cheers

bob


(in reply to marcush)
Post #: 4
RE: SQL DMZ - 23.May2001 8:04:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bob,

Make the machine on the DMZ a VPN server and the machine on the internal network a VPN client.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/



(in reply to marcush)
Post #: 5
RE: SQL DMZ - 30.May2001 9:45:00 PM   
DeveloperX

 

Posts: 4
Joined: 30.May2001
Status: offline
quote:
Originally posted by tshinder:
Hi Bob,

Make the machine on the DMZ a VPN server and the machine on the internal network a VPN client.

HTH,
Tom



OK, I have your book right here, and on page 603 it has "Enabling Communication between Perimeter Hosts and the Internal Network". I have followed the directions, but it does not work. I looked in the logs and the packets are being blocked. Is there a quick and easy way to do this, besides using VPN?


(in reply to marcush)
Post #: 6
RE: SQL DMZ - 2.Jun.2001 7:47:00 PM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi X,

What have you tried that did not work?

Thanks!

Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/



(in reply to marcush)
Post #: 7
RE: SQL DMZ - 8.Jun.2001 5:45:00 PM   
DeveloperX

 

Posts: 4
Joined: 30.May2001
Status: offline
I am trying to get SQL on an internal interface to communicate with a web server in my DMZ. I created client address sets for the 3 segments of my network. I published the SQL server to the perimeter network using server publishing rules and address sets. The NIC on the perimeter net has only one IP assigned at present, so I set the server publishing rule to use that IP and to use the built-in Microsoft SQL Server definition for the incoming packets.
I put a port sniffer on the perimeter network, and I can see the packets making it to the interface, but they never get routed onto the internal network. I put a port sniffer on the internal network and observed that the packets never show up on the internal network.
I checked the logs from ISA; the packets are not being blocked at the perimeter network NIC.
What is the problem? I even tried packet filters to handle the outgoing SQL calls from the web box.
Also, can the web box on the perimeter network make the SQL call to the actual IPs on the internal interface, or do I have to call the "published" IP on the perimeter network?
I am about to change to a point-to-point configuration.
Thanks for any help you can be on this issue.


quote:
Originally posted by tshinder:
Hi X,

What have you tried that did not work?

Thanks!

Tom



(in reply to marcush)
Post #: 8
RE: SQL DMZ - 9.Jun.2001 3:52:00 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Dev,

What is the purpose of using the interface address for the DMZ in the rule? The rule should be using the IP address of the server on the DMZ and *not* the ISA Server interface that interfaces with the DMZ.

HTH,
Tom

------------------
Tom Shinder
http://www.isaserver.org/shinder/



(in reply to marcush)
Post #: 9
