• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SecureNat and SQL Server 2000

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> SecureNat and SQL Server 2000 Page: [1]
Login
Message << Older Topic   Newer Topic >>
SecureNat and SQL Server 2000 - 13.Nov.2004 2:40:00 PM   
shahidanwar

 

Posts: 5
Joined: 13.Nov.2004
Status: offline
I have configured SecureNat in ISA 2000. On client I Specify DNS and gateway of the server Webbrowsing is working fine. and so is command prompt Ping and Ftp.

I have A packetfilter that enables all trafic
A Content rule that enable all
and a protocol rule that enables all

Sqlserver is in USA and we are in asia. its active on an nostandard port 55124. if i install firewall client i am able to access it from client witout any change, but when itry using securenat it fails

How can i access my sql server 2000
Post #: 1
RE: SecureNat and SQL Server 2000 - 13.Nov.2004 5:39:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Shaid,

first of all, delete that all open IP packet filter ASAP! It is very bad from a security point of view.

Next, create a new protocol definition for your unstandard SQL protocol with as parameters: protocol = TCP, remote port = 55124 and direction = outbound.

At last, make sure the host (SecureNAT client) can resolve external DNS names.

BTW --- the meaning of 'all IP traffic' is different if the host is configured as a Firewall or SecureNAT client. For a Firewall client it means all TCP/UDP based protocols. However, for a SecureNAT client it means all configured protocol definitions.

HTH,
Stefaan

(in reply to shahidanwar)
Post #: 2
RE: SecureNat and SQL Server 2000 - 14.Nov.2004 7:21:00 AM   
shahidanwar

 

Posts: 5
Joined: 13.Nov.2004
Status: offline
Dear sir
Thanks for ur help it did soved my sql server problem. i have also corrected mistake u answered and it realy helped.
i have another problem.

We have layer3 switch network of 5 subnets
10.16.1.xxx
10.16.2.xxx
10.16.3.xxx
10.16.4.xxx
10.16.5.xxx

My isa server is in 10.16.5.xx range. its also dns server with ads

My problem is Firewall Cleints Accross diffrent subnets dont work well.

if i press refresh i get message refresed sucess full. but when ever some application tries to use it instead of gread and white icons. it becomes red warning icon, saying ISA server is Inaccessiable. thts why i planed for secureNnat. but its response time is slow even on web. how can i make it fast. I have 256k dsl. but its slow

I have 180 Users and i have set cache as

8192 MB size
Active cache disabled
Cache memory 75%
and Less frequent option in cache settings

kindly advice

thanks

(in reply to shahidanwar)
Post #: 3
RE: SecureNat and SQL Server 2000 - 14.Nov.2004 8:05:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Shaid,

quote:
My isa server is in 10.16.5.xx range. its also dns server with ads
What do you mean exactly with that? Is the ISA server also the DNS and the DC? [Confused]

Whenever I hear about bad performance, my first thoughts are always:
- bad NIC settings 10/100 Mbps Half/Full Duplex.
- bad routing infrastructure.
- bad DNS infrastructure.

So, please post the following info *unmodified*:
- ipconfig /all on ISA
- route print on ISA
- content of the LAT
- ipconfig /all on a host on another subnet.

BTW --- because you have an internal layer-3 switch, I would make the design as described in http://www.isaserver.org/articles/How_to_Implement_VPN_OffSubnet_IP_Addresses.html .

HTH,
Stefaan

(in reply to shahidanwar)
Post #: 4
RE: SecureNat and SQL Server 2000 - 18.Nov.2004 7:10:00 AM   
shahidanwar

 

Posts: 5
Joined: 13.Nov.2004
Status: offline
Dear Sir
Here are configurations. actualy there were holydays, sory for delay
thanks

Yes ISA Server is DNS and Domain Controller, Basicaly we have two domains, The ISA somain is at the moment not handling users.

[Frown] ISA Server Ipconfig /all
Windows IP Configuration

Host Name . . . . . . . . . . . . : cbrnet
Primary Dns Suffix . . . . . . . : internet.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internet.net

Ethernet adapter Cbr:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Server Adapter
Physical Address. . . . . . . . . : 00-02-B3-C2-3C-E2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.16.5.20
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.16.5.20

PPP adapter Lucent Dial-Up PPP Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 202.83.163.197
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 202.83.163.197
DNS Servers . . . . . . . . . . . : 202.83.160.14
202.83.160.41
NetBIOS over Tcpip. . . . . . . . : Disabled

[Frown] Route Print
Then I manualy add route
ROUTE ADD 10.0.0.0 MASK 255.0.0.0 10.16.5.1

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 02 b3 c2 3c e2 ...... Intel(R) PRO/100 Server Adapter - Packet Schedul
er Miniport
0x20004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 202.83.163.197 202.83.163.197 1
10.0.0.0 255.0.0.0 10.16.5.1 10.16.5.20 1
10.16.5.0 255.255.255.0 10.16.5.20 10.16.5.20 20
10.16.5.20 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.16.5.20 10.16.5.20 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
202.83.160.35 255.255.255.255 202.83.163.197 202.83.163.197 1
202.83.163.197 255.255.255.255 127.0.0.1 127.0.0.1 50
202.83.163.255 255.255.255.255 202.83.163.197 202.83.163.197 50
224.0.0.0 240.0.0.0 10.16.5.20 10.16.5.20 20
224.0.0.0 240.0.0.0 202.83.163.197 202.83.163.197 1
255.255.255.255 255.255.255.255 10.16.5.20 10.16.5.20 1
Default Gateway: 202.83.163.197
===========================================================================
Persistent Routes:
None

[Frown] Ipconfig ON Client

Windows IP Configuration

Host Name . . . . . . . . . . . . : shahid
Primary Dns Suffix . . . . . . . : etech.net
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : etech.net

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : etech.net
Description . . . . . . . . . . . : Accton EN1207D-TX PCI Fast Ethernet Adapt
er #2
Physical Address. . . . . . . . . : 00-10-B5-63-AB-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.16.1.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.16.1.254
DHCP Server . . . . . . . . . . . : 10.16.1.20
DNS Servers . . . . . . . . . . . : 10.16.5.20
10.16.1.20
Lease Obtained. . . . . . . . . . : Wednesday, November 17, 2004 2:53:17 PM
Lease Expires . . . . . . . . . . : Thursday, November 25, 2004 2:53:17 PM

[Frown] Lat On ISA

From To Description
10.16.1.0 10.16.1.255
10.16.1.0 10.16.255.255
10.16.1.20 10.16.1.50
10.16.2.0 10.16.2.255
10.16.3.0 10.16.3.255
10.16.5.0 10.16.5.19
10.16.5.21 10.16.5.255
10.16.7.0 10.16.7.255
10.255.255.255 10.255.255.255

(in reply to shahidanwar)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> SecureNAT Client >> SecureNat and SQL Server 2000 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts