Remote Connection to Sql Server

[OceanCity]

I'm trying to configure a pix 515e to allow external access to an internal MS Sql Server. I have added the following commands to the configuration file:

static (inside,outside) 12.x.x.9 192.168.1.5 netmask 255.255.255.255 0 0

access-list 101 permit tcp host 12.x.x.54 host 12.x.x.9 eq 1433 log

access-group 101 in interface outside

However when I telnet to test the port the connection is made and then it's dropped.

Pix Ver. 6.3(5)

Any ideas would be greatly appreciated.

 

[North323]

have you tried passing credentials? is the sql database locked down by IP or username?

 

[OceanCity]

So far no credentials checking, just trying to hit the box to verify communication. The sql box is locked down by username.

It seems like the pix is having a routing issue because from the inside the telnet connection works, while remotely it states the following:

C:\Telnet 12.x.x.9 1433
Connecting to 12.x.x.9... could not open connection to the host, on port 1433: connect failed

 

[North323]

what do the logs on the pix say? can you verify the NAT trans is happening?

 

[OceanCity]

Log Info:
<166>Jul 28 2009 11:54:27: %PIX-6-106100: access-list 101 permitted tcp outside/12.x.x.54(1085) -> inside/12.x.x.9(1433) hit-cnt 1 (first hit)

<166>Jul 28 2009 11:54:27: %PIX-6-609001: Built local-host inside:192.168.1.5

<166>Jul 28 2009 11:54:27: %PIX-6-305011: Built static TCP translation from inside:192.168.1.5/1433 to outside:12.x.x.9/1433

<166>Jul 28 2009 11:54:27: %PIX-6-302013: Built inbound TCP connection 876873 for outside:12.x.x.54/1085 (12.x.x.54/1085) to inside:192.168.1.5/1433 (12.x.x.9/1433)

Xlate Info:
PAT Global 12.x.x.10(19957) Local 192.168.1.198(47374)
PAT Global 12.x.x.10(18677) Local 192.168.1.198(48854)
Global 12.x.x.9 Local 192.168.1.5

 

[North323]

try passing credentials

 

[OceanCity]

No Luck.