We've got a relatively simple web app hosted on an EC2 instance on AWS running on IIS/.NET that talks to an on-prem SQL Server. I realize it would be a lot better if the SQL database could be hosted on AWS, but it can't. Anyway, we've got the SQL Server NAT'd in our on-prem ASA with a public IP address that is restricted to only the EC2 instance's IP address.
If the database is on the default instance on SQL using port 1433, everything is great. If we move it to a non-default instance with a different port, it times out and never connects. It appears to be a problem with the NAT translation, but heck if we can find the problem. We installed SQL Management Studio on the EC2 VM and it does the same thing. Connects to the default instance, but not the named instance.
On-prem, you can connect to the SQL Server just fine with both a test install of the app as well as Management Studio on either SQL instance. The software vendor says "What's AWS?" and pretty stops there, never mind that as far as the application goes it's just a VM. It's [b]GOT[/b] to be the ASA. As it stands right now, it is configured as:
On-prem SQL ->NAT'd to the public IP with "any" port open for traffic to/from the EC2 IP.
The EC2 instance has an AWS firewall (not the Windows Firewall) that is configured to allow all traffic to/from the SQL Server's NAT'd public IP.
Still won't work. Logs from the ASA aren't helpful. Wireshark on the web server instance isn't helpful either. We opened up all ports for troubleshooting, it won't stay that once we get this issue resolved. Any ideas?
No comments:
Post a Comment