Marko Tarvainen
SQL Database access with 1:1 NAT? Is it possible
We have had the same IP address on two of our locations. There has been 1:1 NAT between the sites and we have been able to use network resources with this. However, new software that needs SQL Database access to port 1433 doesn't work now with NAT between sites. Any ideas how to get this to work? Does SQL or the SQL client need some other settings?
Networks on both sites are 192.168.0.0/24 and NAT is 10.0.17.0/24
ASKER
Yes, I try to use the 10.0.17.x address. I can ping it, and I can RDP to the server, etc. But the SQL Database access doesn't work. If I bring the laptop to this site, and it gets a 192.168.0.x address, the SQL connection works.
NAT involves a router / firewall. Is the filter there allowing 1433 to pass through, and is NAT set up for that .X address to the right server behind it? (And is routing on the database server set to return through THAT router for addresses behind the .X address?)
(It also requires the remote systems to source NAT so the traffic seems to come from the 10.0.17.Y address.)
Your description seems to hint at a setup like:
192.168.0.0/24 [ router ] 10.0.17.0/24 [ router ] 192.168.0.0/24
Which is troublesome anyway.
ASKER
The VPN between sites allows all ports. 1433 traffic shows in the router logs as allowed. I know this is troublesome, but is it possible? Or is it easier to go and change the other site to a different network?
There is NO difference between web server traffic, SSH traffic, e-mail etc. or SQL server traffic as seen from the network stack.
The only difference is the port number on the server side.
That is also what firewalls take care of.
W.r.t. network management, networks should only have the same addresses if they are the SAME or if they have nothing to do with each other... Clearly this doesn't fit your description.
My advice: change both sides' address ranges, e.g. one side to 192.168.124.0/24, the other to 192.168.136.0/24
(so any other network has a better chance to connect to yours).
ASKER
Yes, I know there is no difference. But this one old SQL-based client software doesn't work. I think there is some hard-coded IP address in the software or something. Tried with telnet, and port 1433 on the database server responds.
ASKER CERTIFIED SOLUTION
If you mean the 192.168.0.X address, no, it will never work, as it will never be routed off the premises.