The magic port and protocol are TCP 1433. Make sure you have something like the following:

access-list acl-dmz permit tcp host 192.168.1.1 host 192.168.1.x eq 1433
static (inside,dmz1) 192.168.1.x 172.16.y.z netmask 255.255.255.255 0 0

Where 192.168.1.1 is your web server on the DMZ and 172.16.y.z is your SQL server on the inside. Obviously you have to allow outside traffic to the web server, but you state that is working.

Glenn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Marc Sahr
Sent: Wednesday, January 23, 2002 12:39 PM
To: [EMAIL PROTECTED]
Subject: Cisco PIX and MS-SQL

Hi all,

Does anyone know how to config a Cisco PIX 515 for SQL/Web traffic? I have a PIX 515 w/IOS 6.0(1); it has a DMZ interface. I have a MS web server on the DMZ, and a MS SQL server on the inside interface. The SQL server is a data backend for the web frontend... I want users to access the website, but I want to keep the SQL servers protected.

Try as I might I cannot make this work. Ever. I have opened all ports on all interfaces; I even started a TAC case with Cisco and they don't know why it doesn't work. All hosts on all ports can ping each other via IP address; I have verified that all subnets, masks, gateways, etc. are properly configured. Hosts on the outside interface can see the web server, can access the site, but can't access the actual data backend. I even tested the connection between the SQL and Web servers physically bypassing the PIX, sniffed the port traffic between the machines and found nothing out of the ordinary.

What am I missing here? What magic port or protocol could be blocking this? Any ideas? TIA for any help...

Marc Sahr
Network Administrator
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
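A small audit helper for the DMZ access-list shape Glenn describes (one host-to-host TCP/1433 permit, nothing broader), as an added example that is not part of either poster's message. It assumes PIX 6.x `access-list` syntax as quoted above and uses 192.168.1.10 as a constructed stand-in for the reply's `192.168.1.x`.

```python
import re

# Matches the PIX 6.x ACE shape quoted in the reply:
#   access-list NAME permit tcp host A host B eq 1433
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>host\s+\S+|any|\S+\s+\S+)\s+(?P<dst>host\s+\S+|any|\S+\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


def parse_ace(line):
    """Parse one access-list entry into a dict, or None if it does not match."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["src"] = " ".join(d["src"].split())   # normalise inner whitespace
    d["dst"] = " ".join(d["dst"].split())
    return d


def audit_dmz_acl(lines, web_server, sql_dmz_addr, port="1433"):
    """Return findings for a DMZ-inbound ACL; [] means only the single
    web-server -> SQL-server TCP/port permit is present."""
    findings = []
    wanted = ("tcp", f"host {web_server}", f"host {sql_dmz_addr}", port)
    found_wanted = False
    for line in lines:
        ace = parse_ace(line)
        if ace is None or ace["action"] != "permit":
            continue
        key = (ace["proto"], ace["src"], ace["dst"], ace["port"])
        if key == wanted:
            found_wanted = True
            continue
        # "any", protocol ip, or no port means more than the SQL backend is reachable
        if ace["proto"] == "ip" or "any" in (ace["src"], ace["dst"]) or ace["port"] is None:
            findings.append(f"over-broad permit: {line.strip()}")
        else:
            findings.append(f"unexpected permit: {line.strip()}")
    if not found_wanted:
        findings.append(f"missing: permit tcp host {web_server} host {sql_dmz_addr} eq {port}")
    return findings


# Constructed sample ACLs (192.168.1.10 stands in for the reply's 192.168.1.x).
GOOD_ACL = ["access-list acl-dmz permit tcp host 192.168.1.1 host 192.168.1.10 eq 1433"]
BROAD_ACL = ["access-list acl-dmz permit ip any any",   # "opened all ports on all interfaces"
             "access-list acl-dmz permit tcp host 192.168.1.1 host 192.168.1.10"]
```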
