SQL 2008 Replication to DMZ Security

I have 2 SQL Server 2008 servers. One located in an internal domain and the other located in a DMZ facing the internet. The one in the domain is replicating one-way to the SQL server in the DMZ.

In order for them to talk to each other I have to open a port on the firewall and also had to create a persistent route locally on each server to get them to talk to each other.

This leaves a big security hole, I think, because if someone were able to take over the server in the DMZ then they would have complete access to the server in the domain.

How can I do one-way replication in a secure way?
junglecom Asked:
 
decoleur Commented:
Hi junglecom-

You should not need to have the persistent route; the default route on the servers should be sufficient. If you do, you could use NAT and NAT the inside SQL server to an IP address on the DMZ so the DMZ SQL server wouldn't have to know anything about where the inside server is.
To force the replication to only work from the inside to the DMZ, you could restrict the SQL traffic from the DMZ to the inside using the established keyword at the end of the ACL. This would only allow traffic from the DMZ to the inside that is a response to traffic that originated from the inside.

Let us know if you need any help setting this up.

-t
0
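A model of the ACL behaviour described in the comment above, as an added example that is not part of the original thread. It assumes a Cisco IOS-style ACL, where `established` matches TCP segments with ACK or RST set; the addresses, port 1433 and the rule list are constructed for illustration.

```python
# Added example: a model of a first-match ACL on the DMZ-to-inside path.
# Addresses, port and rules are constructed; they do not come from the thread.
from dataclasses import dataclass

INSIDE_SQL = "10.10.10.20"   # constructed address of the internal SQL server
DMZ_SQL = "192.0.2.20"       # constructed address of the DMZ SQL server
SQL_PORT = 1433              # SQL Server default TCP port (assumed in use)

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset         # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str = "any"
    sport: int = 0           # 0 means any port
    dst: str = "any"
    dport: int = 0
    established: bool = False

    def matches(self, seg):
        if self.src not in ("any", seg.src) or self.dst not in ("any", seg.dst):
            return False
        if self.sport not in (0, seg.sport) or self.dport not in (0, seg.dport):
            return False
        # "established" is a flag test: the segment must carry ACK or RST.
        # No connection table is consulted.
        return not self.established or bool(seg.flags & {"ACK", "RST"})

# ACL for traffic arriving from the DMZ and heading to the inside network.
DMZ_TO_INSIDE = [
    Rule("permit", src=DMZ_SQL, sport=SQL_PORT, dst=INSIDE_SQL, established=True),
    Rule("deny"),            # everything else from the DMZ to the inside
]

def evaluate(acl, seg):
    """Return the action of the first matching rule (implicit deny at the end)."""
    for rule in acl:
        if rule.matches(seg):
            return rule.action
    return "deny"

def seg(src, sport, dst, dport, *flags):
    return Segment(src, sport, dst, dport, frozenset(flags))
```

Because the match is on flags rather than tracked connection state, a stateful firewall rule that allows only inside-initiated connections is the stricter form of the same policy.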
 
junglecom (Author) Commented:
I just started on ISA so I would LOVE your help.
0
Question has a verified solution.
