Setup port-forward in firewall to access SQL-database

cs
Level 1

Hello Cisco-forum

I have searched through Google, YouTube and the like for a solution - but I have not had any luck.

I hope that someone will be able to help me in my situation:

We are getting a new webpage / webshop, that is being made by a supplier.
The webshop is to be connected to our economic system, which stores all our products, prices, customers etc.
The information is stored in a Microsoft SQL Database on our mainframe.

On the same network as the mainframe is the Cisco firewall and from there connected to the internet.

The webpage and webshop will be hosted on the supplier's server at a remote location.

I need a solution like this: Supplier Server -> Cisco Firewall -> Mainframe -> Mainframe SQL Server

The supplier server uses 2 IP addresses to connect - let's call them A and B.

We use a static IP - let's call it C.

The mainframe has an internal IP and we call it D.

Inside the mainframe is the SQL Database that is protected by a username and password, though, this shouldn't be as big an issue, as the connection itself.

Information on the internet shows that a TCP and maybe a UDP port needs to be open for this to work.

My question now is, using the Cisco ASDM 6.4 for ASA, how would I set this up?

Reading on the net has gotten me around areas of Access Rules, NAT Rules, Network Objects and Service Objects. 
As none of the tutorials relate directly to what I am doing, I have tried my best - but I am out of luck.

For someone experienced, this might be an easy task - so I hope that someone will be able to show me the light, in what to create in the areas and how to connect it together.

If you have the knowledge, then I will be very grateful for your assistance and I send many thanks in advance for any assistance.

Kind regards,

Christian

P.S.: If any additional information is needed, do not hesitate to ask and I will supply it as fast as possible.

3 Replies

Philip D'Ath
VIP Alumni

The bad solution is to forward tcp/1433 to your SQL server.

However this box is obviously very important to your business.  The traffic should be secured using a VPN.  Then you wouldn't have to do NAT.  You could only need an access rule to allow the traffic.

Hello Philip

Thank you for your reply.

I will suggest the VPN connection to the supplier.

Would limiting the access rule to the supplier's 2 IP addresses make it a better solution in regards to the forwarding?

Kind regards,

Christian

I would do that in either case.
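
The source-restricted tcp/1433 forward discussed in this thread, written as ASA CLI (an added example, not posted by any participant). It assumes ASA software 8.3 or later, interfaces named `inside` and `outside`, that C is the address of the outside interface, and hypothetical object names; the addresses standing in for A, B and D are constructed placeholders.

```cisco
! Supplier source addresses A and B (constructed placeholders)
object-group network SUPPLIER-SERVERS
 network-object host 198.51.100.10
 network-object host 198.51.100.11
!
! Mainframe internal address D (constructed placeholder), with a static
! port translation: tcp/1433 on the outside interface (C) -> D tcp/1433
object network MAINFRAME-SQL
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 1433 1433
!
! In 8.3+ the access rule matches the real (internal) address D, not C.
! Only A and B may reach tcp/1433; everything else hits the implicit deny.
access-list OUTSIDE-IN extended permit tcp object-group SUPPLIER-SERVERS object MAINFRAME-SQL eq 1433
!
! If an access list is already applied inbound on the outside interface,
! add the permit line to that list instead of applying a new one.
access-group OUTSIDE-IN in interface outside
```

With the VPN approach from the first reply, the `nat` line is not needed and only the access rule restricting the source addresses remains.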