Solved

ISA Firewall client blocks connection to SQL Server

Posted on 2006-06-27
5
452 Views
Last Modified: 2013-11-16
Dear Experts,

I lost myself serching for the cure to connect my internal user to SQL Server through ISA Firewall Client. I am using ISA 2000 on the server. The point is that user's machine has two NIC's. One has LAT address and the other one has other subnet address wher SQL resides. I can ping SQL server. I can browse shared folders on it. But I can not telnet port 1433. If I disable Firewall client, I can get SQL server (even port 1433). And my application is connected successfully. If I turn it back on I gives me error, saying SQL server is unavailable or access denied. I tried to set [appl_file_exe_name] Disable=0 so that Firewall does not deal with it at all. Still I get the same error. I tried to set [appl_file_exe_name] RemoteTcpPorts=1433. Still no success.

If you have any ideas, please share it
I appreciate your help very much.

Looking forward to hearing from you  
0
Comment
Question by:Terrible_macro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16998632
The isa client is sending all traffic, web and socks, to the ISA server. If you check your isa logs you will see the deny errors listed in the fw log. Create a rule on ISA allowing internal to internal comms for the sql traffic.
0
 

Author Comment

by:Terrible_macro
ID: 16998875
Guys,

Thanks, but I have alredy found solution. The problem was with understanding LAT and ISA. The point is that ISA client checks IP queries with LAT, received from ISA server. If it does not find IP it routes request to ISA server. In my case, I did not put local SQL server subnet to LAT. When user opens application to receive data from SQL server it makes request to IP address from other subnet. ISA client looks for this IP in LAT. It can not find it there so it transfers it to ISA server. ISA server processes the request as external, but it can not find the IP address (because no routing is set on the server: host unreachable). Then ISA server returns to client "connection failed". I added SQL server subnet to ISA LAT so that requests to SQL server ip address avoid being sent to ISA server.

Again,
Sorry for bothering you guys.
Hope I can share my solution with other people.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17003806
It is a requirement for the LAT on the ISA to have ALL addresses that it (ISA server) can access through its internal interface.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 17183020
PAQed with points refunded (250)

DarthMod
Community Support Moderator
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question