Unable to publish internal database server to webserver on DMZ

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Imran Vilcassim (mvimran_at_hotmail.com)
Date: 08/03/04 

Date: Tue, 3 Aug 2004 00:12:22 -0700

Hello,
       did u configure forwarding rules on the perimeter
firewall to forward incomming traffic for the database to
the ISA Server?

regards
Mohamed Imran Vilcassim (MCSE,MCT)
Technical Specialist - Microsoft MDP Sri lanka
email:mvimran@hotmail.com

>-----Original Message-----
>I hope someone can help with this...desparately......
>
>Using back to back DMZ, ISA is internal firewall.
Trying to publish a
>database server on the internal network to be only
accessible by the
>web
>server in the DMZ.
>
>(internet)--(firewall)--(webserver)--(ISA2000)--
(database server)
>
>Communication is via DRDA/DDM using TCP ports 446-449
and JDBC using
>ports 8470-8476. I have created protocol definitions
for the
>protocols. Since these don't let you give ranges, I
made 4 protocol
>definitions for the DRDA and 7 for the JDBC, one for
each port as TCP
>Incoming. I even tried adding both ranges to each
definition in the
>secondary connections.
>
>I made a client address set for the web server.
>
>I made a server publishing rule for each of these
protocol
>definitions, allowing the web server client address to
access the
>service on the IP address of the database server through
the external
>address of the ISA server. The database is a secure NAT
client.
>
>The webserver is not able to communicate with the
database server. I
>look in the firewall log and I can see that the request
is blocked, as
>the parameters #1 and #2 and tcp flag show: "1250
        449 SYN BLOCKED"
>
>I have been pulling my hair out over this and just can
not see what I
>have set wrong. I have successfully published a mail
server and OWA
>using SSL. I just cannot get this server to publish.
Any help would
>be much appreciated. (BTW, Tom, I bought both your
books) :-)
>
> James
>.
>

Relevant Pages

  • Re: Best way to connect remote windows 2003 server to main office
    ... disabling the firewall service to enable RRAS. ... TCP/IP to only accept traffic from the external interface of my ISA server? ... Would I enable RRAS on the remote server and setup a demand dial interface ...
    (microsoft.public.windows.server.networking)
  • RE: 2 router to internal sbs std network
    ... appaers that you have set up a firewall (ISA server) on your internal network. ... > and one ont thing from the remote site i can ping the main office ...
    (microsoft.public.windows.server.sbs)
  • Re: Back-to-Back Firewall Pix & ISA Server 2004
    ... This firewall runs faster because it has less to do. ... Microsoft Internet Security & Acceleration Server: ... Microsoft ISA Server Partners: Partner Hardware Solutions ... I have implemented a Setup companion of Pix as a Back-end Firewall and ISA ...
    (microsoft.public.isa.configuration)
  • Create SharePoint Portal failed.
    ... One mentioned ensuring that SQL Server uses a case ... 13:55:40 Service database server is 'USDC-JOHRIV'. ... Update dbo.propertylist set DisplayName = N'Last name' ...
    (microsoft.public.sharepoint.portalserver)
  • Re: ADO Connection Timeout
    ... to the central server, but you are willing to live with periods where it ... i.e. a local database or even a text file. ... to function until the connection can be restored to the server. ...
    (microsoft.public.data.ado)