Friday, March 9, 2012

IIS6, VPN, SQL Server 2000

If we have a SQL Server 2000 database on our internal LAN and an
external IIS6 Server with ASP.NET pages using SQL Authentication talking
to the SQL Server through the Internet "cloud" via VPN/Firewall Gateway
devices on either end of the connection (with port 1433 enabled), would
the traffic over the VPN be transparent to SQL Server or do we need to
configure SQL Server to handle it? We are running Windows 2003 server.
Thanks
Timo

SQL-- IIS --VPN--Internet--VPN
I'm assuming this is your configuration..
So if your configuration is like this, then once the VPN tunnel is made,
then whatever protocols you're using will be sent across the VPN.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

Kevin,
Thanks for the reply. Actually, we will have two IIS Servers, IIS#1 on
our internal LAN used for intranet apps, IIS#2 external for internet
apps visible to the public. The configuration would be like this:
{LAN: IIS#1--SQL } --VPN--{tunnel}--VPN--IIS#2--{Internet}
If I understand you correctly, when SQL gets the request from the IIS#
2, the traffic will look to SQL no different from any other traffic over
port 1433, even though it has come through the tunnel.
Apart from making sure the VPN/Firewall has port 1433 open, is there
anything else required of the VPN to support traffic between SQL and
IIS#2?
Timo
In article <X3QoXmmJEHA.3088@.cpmsftngxa10.phx.gbl>,
kevmc@.online.microsoft.com says...
> SQL-- IIS --VPN--Internet--VPN
> I'm assuming this is your configuration..
> So if your configuration is like this, then once the VPN tunnel is made,
> then whatever protocols you're using will be sent across the VPN.
>
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.

From what I can see your analysis is correct.
Cheers
Ken
"Timo" <t@.anonymous.com> wrote in message
news:MPG.1aeed52797260409896be@.msnews.microsoft.com...
: Kevin,
: Thanks for the reply. Actually, we will have two IIS Servers, IIS#1 on
: our internal LAN used for intranet apps, IIS#2 external for internet
: apps visible to the public. The configuration would be like this:
:
: {LAN: IIS#1--SQL } --VPN--{tunnel}--VPN--IIS#2--{Internet}
:
: If I understand you correctly, when SQL gets the request from the IIS#
: 2, the traffic will look to SQL no different from any other traffic over
: port 1433, even though it has come through the tunnel.
:
: Apart from making sure the VPN/Firewall has port 1433 open, is there
: anything else required of the VPN to support traffic between SQL and
: IIS#2?
: Timo
:
: In article <X3QoXmmJEHA.3088@.cpmsftngxa10.phx.gbl>,
: kevmc@.online.microsoft.com says...
: >
: > SQL-- IIS --VPN--Internet--VPN
: >
: > I'm assuming this is your configuration..
: > So if your configuration is like this, then once the VPN tunnel is made,
: > then whatever protocols you're using will be sent across the VPN.
: >
: >
: >
: > Thanks,
: >
: > Kevin McDonnell
: > Microsoft Corporation
: >
: > This posting is provided AS IS with no warranties, and confers no rights.

previous post;
"If I understand you correctly, when SQL gets the request from the IIS#
2, the traffic will look to SQL no different from any other traffic over
port 1433, even though it has come through the tunnel.
"
Correct.
"Apart from making sure the VPN/Firewall has port 1433 open, is there
anything else required of the VPN to support traffic between SQL and
IIS#2?"
No.
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

Another question has arisen and we don't have a system in place
yet to determine the answer by trial and error.
When IIS6 on somedomain.com communicates with SQLServer2000 on
someotherdomain.net via a VPN, should the Connection String
specify the SQLServer by name with Standard Security:
"Data Source=OurSQLServer;Initial Catalog=pubs;User Id=sa;Password=foo;"
Or should the Connection String use the IP address mode:
"Data Source=xxx.xxx.xxx.xxx,1433;Network Library=DBMSSOCN;Initial Catalog=pubs;User ID=sa;Password=foo;"
If the Connection String should use the IP address mode with
DBMSSOCN, should it specify the IP address of the firewall (and
let the firewall translate 1433 traffic to the SQLServer by NAT)
or should it specify the IP address of the actual SQL Server?
Thanks!
Timo

So, if you're on the outside of the firewall, your client machine has no
knowledge of how to resolve a netbios name on the inside of the firewall.
You should be able to use the IP address of the
firewall, and allow it to NAT to the internal server.
Otherwise, if you want to use the fqdn name, add an entry to your host
file, or lmhost file if you want to use the netbios name.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
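
Added example (not part of the original thread, and not Microsoft's code): a pre-flight check in Python for the two connection-string forms discussed above, showing whether the Data Source is a single-label name, an FQDN or an IP address, and whether it resolves and accepts TCP on the SQL port from the web server's side of the tunnel. The function names are hypothetical and 192.0.2.10 is a constructed placeholder standing in for the elided xxx.xxx.xxx.xxx address.

```python
import ipaddress
import socket

# Constructed samples: the name form from the thread, and the IP form with a
# documentation-range placeholder address in place of xxx.xxx.xxx.xxx.
BY_NAME = "Data Source=OurSQLServer;Initial Catalog=pubs;User Id=sa;Password=foo;"
BY_IP = ("Data Source=192.0.2.10,1433;Network Library=DBMSSOCN;"
         "Initial Catalog=pubs;User ID=sa;Password=foo;")

def parse_conn_str(conn_str):
    """Split a connection string into a dict keyed by lower-cased keyword."""
    fields = {}
    for item in conn_str.strip('" ').split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def sql_endpoint(conn_str, default_port=1433):
    """Return (host, port, kind); kind is 'ip', 'single-label' or 'fqdn'."""
    source = parse_conn_str(conn_str)["data source"]
    if source.lower().startswith("tcp:"):
        source = source[4:]
    host, _, port = source.partition(",")
    host = host.split("\\", 1)[0].strip()      # drop any \instance suffix
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "fqdn" if "." in host else "single-label"
    return host, int(port) if port.strip() else default_port, kind

def preflight(conn_str, resolver=socket.gethostbyname,
              connect=socket.create_connection, timeout=3.0):
    """Resolve the Data Source as the web server would, then try the TCP port."""
    host, port, kind = sql_endpoint(conn_str)
    result = {"host": host, "port": port, "kind": kind,
              "address": None, "reachable": False, "error": None}
    try:
        result["address"] = host if kind == "ip" else resolver(host)
        connect((result["address"], port), timeout=timeout).close()
        result["reachable"] = True
    except OSError as exc:                      # name lookup or TCP failure
        stage = "connect" if result["address"] else "resolve"
        result["error"] = f"{stage}: {exc}"
    return result

if __name__ == "__main__":
    for cs in (BY_NAME, BY_IP):
        print(preflight(cs))
```

Run on the external web server, a "resolve" error for the name form points at the missing name-resolution entry described in the last reply, while a "connect" error points at the tunnel, NAT or port 1433 rule.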
