nasemabdullaa

asked on

Connect to SQL from outside after ASA5550

Hello
I have a SQL 2800 database on Windows Server 2008, and this server is behind an ASA5550. I made a static NAT for the server, but I cannot connect to the database.

Below is my ASA configuration.

Server network information:
IP address 172.16.0.201
Mask 255.255.255.0
Gateway 172.16.0.1
DNS 172.16.0.201

Any help?
Regards



ASA Version 7.2(3)
!
hostname ciscoasa
enable password X.y0JGA9o6phmjQ6 encrypted
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 82.205.240.98 255.255.255.224
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.0.1 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Et
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
passwd X.y0JGA9o6phmjQ6 encrypted
ftp mode passive
object-group service VSX8000_TCP tcp
 port-object eq www
 port-object eq ldap
 port-object eq 1503
 port-object eq h323
 port-object eq 1731
object-group service VSX8000_TCPUDP tcp-udp
 port-object range 3230 3239
object-group protocol TCP-UDP
 protocol-object tcp
 protocol-object udp
access-list INBOUND extended permit tcp any host 82.205.240.99 object-group VSX8000_TCP
access-list INBOUND extended permit object-group TCP-UDP any host 82.205.240.99 object-group VSX8000_TCPUDP
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 82.205.240.99 172.16.0.200 netmask 255.255.255.255
static (inside,outside) 82.205.240.100 172.16.0.201 netmask 255.255.255.255
access-group INBOUND in interface outside
route outside 0.0.0.0 0.0.0.0 82.205.240.97 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 172.16.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 172.16.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 172.16.0.2 82.205.224.9
!
dhcpd address 172.16.0.20-172.16.0.120 inside
dhcpd enable inside
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username nasem password M2PQQZooHuN7Zwvm encrypted privilege 15
prompt hostname context
Cryptochecksum:38eaa06b577debad47548ccd78b8d245

SOLUTION
CarlvanEijk
SOLUTION
Ernie Beek

nasemabdullaa (ASKER)

Hello

Thank you for your kind reply.

Do you mean I need to add these commands to my ASA?
access-list INBOUND extended permit tcp any host 82.205.240.100 object-group VSX8000_TCP
access-list INBOUND extended permit object-group TCP-UDP any host 82.205.240.100 object-group VSX8000_TCPUDP

Regards
Indeed.

82.205.240.100 points to 172.16.0.201, which you said is the SQL server.
82.205.240.99 points to 172.16.0.200, which is ?
ASKER CERTIFIED SOLUTION
CarlvanEijk is right there (I overlooked the ports :-~ )

So set up the right object group, but use 82.205.240.100 in the access list instead of 82.205.240.99.