I have a test web server inside our DMZ that accesses a SQL server on the inside network. The problem is when I create the access rule access-list DMZ_inf_in permit tcp host 172.16.10.250 eq 1433 host 10.10.2.28 eq 1433 and create the static routesta...
Okay, I found the problem. Unbelievable, one of our network administrators had mistakenly plugged in a network cable from the DMZ switch to the internal LAN switch. Thank you for all your help.
Here is a very stripped version of the config
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security50
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 5...
Company policy will not allow me to post the config. I contacted Cisco; they wanted the access-list changed to:
access-list DMZ_inf_in permit tcp host 172.16.10.250 host 10.10.2.28 eq 1433
I did this and I still have the problem. Here are some trap logs...
Thank you for your thoughts. However, I have other devices in the DMZ accessing our internal network without issues. Is there a fixup protocol I might be missing? It seems to be the static NAT causing the current issue.
I'm sorry for the confusion.
The DMZ IP address 172.16.10.250 (Web server)
SQL Server 10.10.2.8 (Inside network)
The address 10.10.31.7 is a workstation on the inside network pinging the SQL server.
Here is the access-list for the web server to access th...