DMZ to LAN backup of web server through CIsco PIX firewall

[timba]

My client has a IIS 5.x running on a Windows 2000 server (service pack 4). Cient has discovered that the macimum concurrent users that can be attached to a website on this server is 10. Is there a way to increase the number of concurrent users allowed?

The above-discribed sever is attached to the DMZ port of a Cisco PIX firewall There is also a server (domain controller), attached to the LAN (inside) port of the PIX, on which is running Symantec Backup Exec. The client would like to backup the web server's data, using Backup Exec. Most likely a Backup Exec Remote Agent would have to be installed on the web (IIS) server. The questions are: 1) is it possible to back up a server on the DMZ in the manner descibed above? 2) if it is possible, what entries are needed in the access control list of the PIX firewall to allow that backup job to proceed?

 

[Zakkas]

Hi,

It sounds to me that your issue with IIS might be a user licensing issue for the application that is using the IIS server.

As for backing up with web server, it is possible but you will need to configure the access-list that is applied to the dmz interface so that it will permit traffic from the web server to the ip address of your domain controller where you want the backup to be placed. No matter what configuration you have the LAN port on your PIX will have access to the DMZ but the DMZ needs to have access-list statements permitting it to certain IP addresses on the LAN on certain ports. In this case it would be the ports your backup exec application uses to perform backups.