Syslog, syslog, syslog. Review your log data from the Pix and determine what
the fate of this traffic is. Do you see denies associated with this IP
address? Does it show successful connections built? Try setting your logging
to:
logging trap informational
logging on
logging host 192.168.0.5
Here is an easy-to-use FREE Windows syslog server for collecting those logs.
http://www.kiwisyslog.com/index.htm 
Be very careful with enabling TCP Syslog as it will shut down traffic if your
logging platform's disks become full.
You haven't posted relevant parts of your config either. Have you created
the static? Is the ACL applied to the correct interface? View the ACL; if it
is similar to the conduit command you will have a hit count associated with
the rules. In this case you may need more specific rules. Can you
successfully connect from the server console to the database from the DMZ
host? Try setting up an ODBC connection and accessing the database from the
server to confirm connectivity on the backend. If all else fails, set up a
sniffer and capture traffic. Once captured you can analyze the traffic and
see at what point the system breaks. As you are troubleshooting, try to think
systematically, i.e., you know you can connect to the website so the static
and rule for that are OK. HTH.
Ken
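
Added example, not part of the original message: one way to do the log review suggested above, tallying deny, built and teardown messages for a single host from collected PIX syslog. The sample lines, addresses, ACL name and the message ids matched (106023, 302013, 302014) are assumptions; ids and wording vary by PIX release.

```python
import re
from collections import Counter

# Constructed sample lines in the style of PIX syslog output; addresses,
# ports, connection ids and the ACL name are invented for this example.
SAMPLE_LOG = """\
Jan 29 10:50:01 pix %PIX-6-302013: Built inbound TCP connection 4101 for outside:203.0.113.7/3120 (203.0.113.7/3120) to dmz:192.168.1.10/80 (192.168.1.10/80)
Jan 29 10:50:02 pix %PIX-4-106023: Deny tcp src dmz:192.168.1.10/1045 dst inside:192.168.0.20/1433 by access-group "acl_dmz"
Jan 29 10:50:05 pix %PIX-4-106023: Deny udp src dmz:192.168.1.10/1046 dst inside:192.168.0.20/1434 by access-group "acl_dmz"
Jan 29 10:50:09 pix %PIX-6-302014: Teardown TCP connection 4101 for outside:203.0.113.7/3120 to dmz:192.168.1.10/80 duration 0:00:08 bytes 5120 TCP FINs
"""

# Message ids assumed for this example; check them against your PIX release.
FATE_BY_ID = {"106023": "deny", "302013": "built", "302014": "teardown"}
MESSAGE = re.compile(r"%PIX-\d-(\d{6}): (.*)")
# Matches interface-qualified endpoints such as dmz:192.168.1.10/1045.
ENDPOINT = re.compile(r"(\w+):(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")


def traffic_fate(log_text, ip):
    """Count deny/built/teardown messages involving ip and list what was denied."""
    counts, denied = Counter(), []
    for line in log_text.splitlines():
        m = MESSAGE.search(line)
        if not m or m.group(1) not in FATE_BY_ID:
            continue
        endpoints = ENDPOINT.findall(m.group(2))
        if not any(addr == ip for _, addr, _ in endpoints):
            continue
        fate = FATE_BY_ID[m.group(1)]
        counts[fate] += 1
        # In a 106023 deny, the second endpoint is the blocked destination.
        if fate == "deny" and len(endpoints) == 2:
            proto = m.group(2).split()[1]
            _, dst_addr, dst_port = endpoints[1]
            denied.append((proto, dst_addr, int(dst_port)))
    return counts, denied


if __name__ == "__main__":
    counts, denied = traffic_fate(SAMPLE_LOG, "192.168.1.10")
    print(dict(counts))
    for proto, addr, port in denied:
        print(f"denied {proto} to {addr}:{port}")
```
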

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Marc Sahr
Sent: Tuesday, January 29, 2002 10:48 AM
To: [EMAIL PROTECTED]
Subject: SQL and web across the PIX

2nd go-round of this problem:
 
I still can't get my web server and my SQL server to communicate
successfully (i.e. log in to the SQL database application from the browser
window) through the PIX. To reiterate the scenario: My MS IIS 5 web
server is located on the DMZ, my SQL 2000 server is located on the
inside interface, and the clients are on the outside interface. All
servers and clients are W2K/SP2. All servers are latest service pack for
their respective platforms. 
 
Clients can see the website as a static-translated IP address through
the PIX. They can't log on to the SQL application (error message is
MS-speak for "can't find database").
 
All ports are allowed access through ACLs on the PIX bidirectionally
through the PIX. Remember this is a test environment so that's OK. All
protocols are allowed access as above.
 
All hosts can ping each other, their interfaces, etc. ICMP is allowed in
the config.
 
So, I ask again: Any ideas?
 
TIA,
Marc Sahr
Network Administrator
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 
 

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
