Solved: How to Block SQL Port access inside the LAN

roopesh.n · ‎01-03-2013

Dear Experts,

I have a query . In my office we have a sql sever in LAN so peoples are able to connect to SQL server on port 1433. Now we want to deny users from accessing the Sql server in port 1433 .Same time Adminstrator shoud be abe to connect.

Thanks

Roopesh

Abzal · ‎01-03-2013

Hi,

You can create simple ACL

Example:

Suppose you have users: 192.168.1.0/24 range.

SQL server located on 192.168.2.0/24 subnet.

And admin with IP address 192.168.1.100 and SQL server with 192.168.2.200.

ip access-list extended BlockSQL

permit ip host 192.168.1.100 host 192.168.2.200

deny tcp 192.168.1.0 0.0.0.255 host 192.168.2.200 eq 1433

permit ip any any

Then you need to apply it on interface

Router:

int f0/0

ip add 192.168.1.1 255.255.255.0

ip access-group BlockSQL in

This link may help you to understand.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

Hope it will help.

Best regards,
Abzal

View solution in original post

Abzal · ‎01-03-2013

Hi,