Re: Unable to publish internal database server to webserver on DMZ

From: James990 (soc0199_at_yahoo.com)
Date: 08/03/04


Date: 3 Aug 2004 07:32:56 -0700

The perimeter firewall is forwarding traffic fine. The problem is
that the web server in the DMZ cannot communicate through the ISA
server to the database on the internal network.

"Imran Vilcassim" <mvimran@hotmail.com> wrote in message news:<a11801c47929$38cac790$a501280a@phx.gbl>...
> Hello,
> Did you configure forwarding rules on the perimeter
> firewall to forward incoming traffic for the database to
> the ISA Server?
>
> regards
> Mohamed Imran Vilcassim (MCSE,MCT)
> Technical Specialist - Microsoft MDP Sri Lanka
> email:mvimran@hotmail.com
>
> >-----Original Message-----
> >I hope someone can help with this...desperately......
> >
> >Using back to back DMZ, ISA is internal firewall. Trying to publish a
> >database server on the internal network to be only accessible by the
> >web server in the DMZ.
> >
> >(internet)--(firewall)--(webserver)--(ISA2000)--(database server)
> >
> >Communication is via DRDA/DDM using TCP ports 446-449 and JDBC using
> >ports 8470-8476. I have created protocol definitions for the
> >protocols. Since these don't let you give ranges, I made 4 protocol
> >definitions for the DRDA and 7 for the JDBC, one for each port as TCP
> >Incoming. I even tried adding both ranges to each definition in the
> >secondary connections.
> >
> >I made a client address set for the web server.
> >
> >I made a server publishing rule for each of these protocol
> >definitions, allowing the web server client address to access the
> >service on the IP address of the database server through the external
> >address of the ISA server. The database is a secure NAT client.
> >
> >The webserver is not able to communicate with the database server. I
> >look in the firewall log and I can see that the request is blocked, as
> >the parameters #1 and #2 and TCP flag show: "1250 449 SYN BLOCKED"
> >
> >I have been pulling my hair out over this and just cannot see what I
> >have set wrong. I have successfully published a mail server and OWA
> >using SSL. I just cannot get this server to publish. Any help would
> >be much appreciated. (BTW, Tom, I bought both your books) :-)
> >
> > James
> >.
> >


