LANMAN_TA
asked on
IIS Server to internal SQL Server - Works with cross over, doesn't work in DMZ.
Configuration:
1) In a test environment I have a IIS Server (Running MS Web Ed 2003) in a DMZ.
2) I have my laptop connected to the WAN port of the firewall pretending to be a internet customer
3) On the LAN port of my firewall I have my SQL 2005 server waiting for requests.
4) I have updated both the Web Server and SQL server with the appropriate routing statements
Event:
When I connect to my webserver using my laptop, I get my webpage and I begin to login and request information that will send a request to my SQL database.
Problem:
1) When I leave the IIS server connected to the DMZ and program the firewall to allow all ports and services through, the data from the SQL server times out.
2) If I put a crossover cable between the IIS server and the SQL server (changing the IP address to match the same segment of course) then it works fine. The data being displayed works great.
I've called the firewall support line and they had be do some packet captures and the only thing we see are SQL handshakes; The packets are entering and exiting the firewall as it should so support is saying its not the firewall. (using other tools to show this..)
Support is saying I'm pretty much on my own.... Where else do I go? (Experts Exchange.. of course)
Thanks in advance.
--LANMAN
1) In a test environment I have a IIS Server (Running MS Web Ed 2003) in a DMZ.
2) I have my laptop connected to the WAN port of the firewall pretending to be a internet customer
3) On the LAN port of my firewall I have my SQL 2005 server waiting for requests.
4) I have updated both the Web Server and SQL server with the appropriate routing statements
Event:
When I connect to my webserver using my laptop, I get my webpage and I begin to login and request information that will send a request to my SQL database.
Problem:
1) When I leave the IIS server connected to the DMZ and program the firewall to allow all ports and services through, the data from the SQL server times out.
2) If I put a crossover cable between the IIS server and the SQL server (changing the IP address to match the same segment of course) then it works fine. The data being displayed works great.
I've called the firewall support line and they had be do some packet captures and the only thing we see are SQL handshakes; The packets are entering and exiting the firewall as it should so support is saying its not the firewall. (using other tools to show this..)
Support is saying I'm pretty much on my own.... Where else do I go? (Experts Exchange.. of course)
Thanks in advance.
--LANMAN
ASKER
SQL Server Security.
--LANMAN
--LANMAN
If you plug your laptop into the dmz can you connect to the sql server via enterprise tools?
ASKER
Sorry to keep you waiting.. I will test this and post the results.
--LANMAN
--LANMAN
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
Vee_Mod
Community Support Moderator
Ok, so it sounds like you have this situation
|laptop| (WAN)
|
|firewall| --- |SQL Server| (LAN)
|
|webserver|(DMZ of Firewall)
Are you connecting from the webserver to the sql server with Integrated Security or SQL Server Security?