ASA and Oracle 10.x sqlnet protocol

r.spiandorello · ‎08-06-2007

Hi, do you know about incompatibility between oracle 10.x on linux and ASA 7.2.x version ?

The same application runs with PIX 6.3(4)

thank you in advance, but with ASA the session allows traffic flow but remains in idle state after particular commands.

How to avoid it ?

greatings

RS

r.spiandorello · ‎08-08-2007

Hi, do you think the new 7.0(7) ASA GD version could solve the incompatibility ?

Could it be an MSS related matter ?

thanks

r.spiandorello · ‎08-09-2007

Hi, looking in CS-MARS syslog server I've found some "deny connection - no xlate" to the sqlnet destination port and some "Deny packet due to security polixy" to high ports of related connections.

Could it be related to sqlnet inspection ?

tkanks

r.spiandorello · ‎08-09-2007

Hi, I've found the matter happens only when the sql*net session remains on the tcp 1521 port.

In other words, the idle session happens when the listener doesn't request a redirection (with a redirect command).

thanks in advance

RS

diogo · ‎08-15-2007

I believe its is a problem relate to the SQLNET fixup.

I'm having a similar problem with the FWSM inspect for sqlnet.

one solution would be to disable the fixup and permit all used ports for sqlnet. Not only the initial 1521, but all the ranga that is open after the initial negotiation..

r.spiandorello · ‎08-24-2007

hi, all IP protocol is opened, after the sql*net acl, but nothing.

Now I'm looking for the 1521 port persistence, in other words no redirect sql command found.

gatings