Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
621
Views
0
Helpful
3
Replies

Configure external access

Go to solution
CliveG
Level 1
Level 1

‎10-03-2022 07:53 AM - edited ‎10-03-2022 07:54 AM

If I have a customer who co-locates on my network with a couple of servers and I configure a subnet, what's the best way to allow them access via teamviewer or similar just to their particular servers and no other devices on my network?

So, it would look something like this (topology only)

Customer servers --> Layer 2 switch --> Core (Gateway) --> Upstream core --> Internet --> Customer

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
RachelGomez161999
Spotlight
Spotlight

‎10-03-2022 10:51 PM

To enable remote connection on SQL Server right – click on the server and select the Properties option. In the Server Properties dialog under the Connections tab check the Allow remote connections to this server option:

Server Properties dialog - Connections tab - checking the Allow remote connections to this server option

Go to Start->Programs->Microsoft SQL Server 2005/2008/2012 ->Configuration Tools and select the SQL Server Configuration Manager:

Illustration of selecting the SQL Server Configuration Manager

Under the SQL Server Network Configuration select Protocols for <your server name>:

Selecting Protocols for <your server name> under the SQL Server Network Configuration

Make sure that TCP/IP protocol is enabled and right click on TCP/IP and select the Properties option. In the TCP/IP Properties dialog select the IP Addresses tab and scroll down to IPAII. If the TCP Dynamic Ports dialog box contains 0, which indicates that the Database Engine is listening on dynamic ports, delete the 0 and set the TCP Dynamic Ports to blank and TCP Port to 1433. Port 1433 is the default instance that SQL Server uses:

Configuring the IPAII properties via TCP/IP Properties dialog

When you click the OK button you will be prompted with a message to restart the service:

Warning message to restart the service

In the left pane of SQL Server Configuration Manager click SQL Server Services, right-click SQL Server<instance_name>, and click Restart:

Right-clicking SQL Server (instance name), and clicking Restart

If you’re using firewall you need to add an exception for the 1433 port to allow TCP/IP traffic on Port 1433

Configure a Windows Firewall for Database Engine Access
To add a firewall exception for the 1433 port go to Programs -> Administrative Tools select the Windows Firewall with Advanced Security option and follow the steps:

Selecting the Windows Firewall with Advanced Security option

In the Windows Firewall with Advanced Security dialog click on the Inbound Rules option and select the New Rule command:

Selecting the New Rule command

In the New Inbound Rule wizard select the Port option and click Next:

Selecting the Port option in the New Inbound Rule wizard

In the Protocols and Ports window specify the protocols and ports to which a rule applies. Select the TCP option, in the Specific local ports text box enter the 1433 port, and click Next:

Configuring protocols and ports in the New Inbound rule wizard

In the Action window select the Allow the connection to specify the action to be taken when a connection matches the conditions specified in the rule:

Selecting the Allow the connection in the Action window

Specify the profiles for which the rule applies in the Profile window, and click Next:

New Inbound Rule wizard - Profile dialog

In the last window specify the name of the created rule and click the Finish button:

Specifying the name of the created rule

You can now see the created rule in the list of inbound rules:

Viewing the created rule in the list of inbound rules

Configuring remote access on a named instance of SQL Server
If you using a named instance of SQL Server there are specific things you need to do to allow clients to access the SQL database remotely. As already stated, the default instance that SQL Server listens is port 1433. For a named SQL Server instance, the ports that are used to talk to the SQL Server are by default dynamic.

When a client makes a connection to a named instance of SQL Server, it sends a SQL Server Resolution Protocol (SSRP) UDP packet to the server machine User Datagram Protocol (UDP) port 1434.

To set up remote access to a SQL Server named instance go to Start->Programs->Microsoft SQL Server 2005/2008/2012 ->Configuration Tools and select the SQL Server Configuration Manager.

In the TCP/IP Properties dialog select the IP Addresses tab and scroll down to IPAII. Set the TCP Dynamic Ports to blank and TCP Port to 1434, and restart the SQL Server<server name> service.

When connecting to a SQL Server named instance SQL Server Browser claims the UDP port 1434. In the SQL Server Configuration Manager make sure that the SQL Server Browser is set to Automatic and Running:

Make sure that the SQL Server Browser is set to Automatic and Running using SQL Server Configuration Manager

In the Programs -> Administrative Tools -> Windows Firewall with Advanced Security add a firewall exception for the 1434 port and UDP in the Inbound Rules.

Regards,

Rachel Gomez

View solution in original post

0 Helpful

Go to solution
CliveG
Level 1
Level 1
In response to CliveG

‎10-05-2022 01:30 AM

All good. Completed. Created the VLNAs and also the Multicast and the subnet. All working

View solution in original post

0 Helpful
3 Replies 3

Go to solution
RachelGomez161999
Spotlight
Spotlight

‎10-03-2022 10:51 PM

To enable remote connection on SQL Server right – click on the server and select the Properties option. In the Server Properties dialog under the Connections tab check the Allow remote connections to this server option:

Server Properties dialog - Connections tab - checking the Allow remote connections to this server option

Go to Start->Programs->Microsoft SQL Server 2005/2008/2012 ->Configuration Tools and select the SQL Server Configuration Manager:

Illustration of selecting the SQL Server Configuration Manager

Under the SQL Server Network Configuration select Protocols for <your server name>:

Selecting Protocols for <your server name> under the SQL Server Network Configuration

Make sure that TCP/IP protocol is enabled and right click on TCP/IP and select the Properties option. In the TCP/IP Properties dialog select the IP Addresses tab and scroll down to IPAII. If the TCP Dynamic Ports dialog box contains 0, which indicates that the Database Engine is listening on dynamic ports, delete the 0 and set the TCP Dynamic Ports to blank and TCP Port to 1433. Port 1433 is the default instance that SQL Server uses:

Configuring the IPAII properties via TCP/IP Properties dialog

When you click the OK button you will be prompted with a message to restart the service:

Warning message to restart the service

In the left pane of SQL Server Configuration Manager click SQL Server Services, right-click SQL Server<instance_name>, and click Restart:

Right-clicking SQL Server (instance name), and clicking Restart

If you’re using firewall you need to add an exception for the 1433 port to allow TCP/IP traffic on Port 1433

Configure a Windows Firewall for Database Engine Access
To add a firewall exception for the 1433 port go to Programs -> Administrative Tools select the Windows Firewall with Advanced Security option and follow the steps:

Selecting the Windows Firewall with Advanced Security option

In the Windows Firewall with Advanced Security dialog click on the Inbound Rules option and select the New Rule command:

Selecting the New Rule command

In the New Inbound Rule wizard select the Port option and click Next:

Selecting the Port option in the New Inbound Rule wizard

In the Protocols and Ports window specify the protocols and ports to which a rule applies. Select the TCP option, in the Specific local ports text box enter the 1433 port, and click Next:

Configuring protocols and ports in the New Inbound rule wizard

In the Action window select the Allow the connection to specify the action to be taken when a connection matches the conditions specified in the rule:

Selecting the Allow the connection in the Action window

Specify the profiles for which the rule applies in the Profile window, and click Next:

New Inbound Rule wizard - Profile dialog

In the last window specify the name of the created rule and click the Finish button:

Specifying the name of the created rule

You can now see the created rule in the list of inbound rules:

Viewing the created rule in the list of inbound rules

Configuring remote access on a named instance of SQL Server
If you using a named instance of SQL Server there are specific things you need to do to allow clients to access the SQL database remotely. As already stated, the default instance that SQL Server listens is port 1433. For a named SQL Server instance, the ports that are used to talk to the SQL Server are by default dynamic.

When a client makes a connection to a named instance of SQL Server, it sends a SQL Server Resolution Protocol (SSRP) UDP packet to the server machine User Datagram Protocol (UDP) port 1434.

To set up remote access to a SQL Server named instance go to Start->Programs->Microsoft SQL Server 2005/2008/2012 ->Configuration Tools and select the SQL Server Configuration Manager.

In the TCP/IP Properties dialog select the IP Addresses tab and scroll down to IPAII. Set the TCP Dynamic Ports to blank and TCP Port to 1434, and restart the SQL Server<server name> service.

When connecting to a SQL Server named instance SQL Server Browser claims the UDP port 1434. In the SQL Server Configuration Manager make sure that the SQL Server Browser is set to Automatic and Running:

Make sure that the SQL Server Browser is set to Automatic and Running using SQL Server Configuration Manager

In the Programs -> Administrative Tools -> Windows Firewall with Advanced Security add a firewall exception for the 1434 port and UDP in the Inbound Rules.

Regards,

Rachel Gomez

0 Helpful

Go to solution
CliveG
Level 1
Level 1
In response to RachelGomez161999

‎10-04-2022 02:44 AM

Hi Rachel,

Many thanks for the extensive response however this is not what I am after. This is from a routing/switching perspective with Cisco 3750/C6880 VSS.

Thanks again.

0 Helpful

Go to solution
CliveG
Level 1
Level 1
In response to CliveG

‎10-05-2022 01:30 AM

All good. Completed. Created the VLNAs and also the Multicast and the subnet. All working

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card