ASA and Oracle 10.x sqlnet protocol

Aug 6th, 2007

Hi, do you know about an incompatibility between Oracle 10.x on Linux and ASA version 7.2.x?

The same application runs with PIX 6.3(4).

Thank you in advance, but with ASA the session allows traffic flow but remains in an idle state after particular commands.

How to avoid it?



r.spiandorello Wed, 08/08/2007 - 04:23

Hi, do you think the new 7.0(7) ASA GD version could solve the incompatibility?

Could it be an MSS-related matter?


r.spiandorello Thu, 08/09/2007 - 00:43

Hi, looking in the CS-MARS syslog server I've found some "deny connection - no xlate" to the sqlnet destination port and some "Deny packet due to security policy" to high ports of related connections.

Could it be related to sqlnet inspection?


r.spiandorello Thu, 08/09/2007 - 05:35

Hi, I've found the matter happens only when the sql*net session remains on the TCP 1521 port.

In other words, the idle session happens when the listener doesn't request a redirection (with a redirect command).

Thanks in advance.


diogo Wed, 08/15/2007 - 03:44

I believe it is a problem related to the SQLNET fixup.

I'm having a similar problem with the FWSM inspect for sqlnet.

One solution would be to disable the fixup and permit all used ports for sqlnet. Not only the initial 1521, but all the range that is open after the initial negotiation.

r.spiandorello Fri, 08/24/2007 - 05:05

Hi, all IP protocol is opened, after the sql*net ACL, but nothing.

Now I'm looking for the 1521 port persistence, in other words no redirect sql command found.


