Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
349
Views
0
Helpful
2
Replies

Oracle application having problem on PIX to ASA L2L tunnel.

netcraftjason
Level 1
Level 1

‎08-15-2007 01:25 AM - edited ‎02-21-2020 01:38 AM

Hi ALL,

My customer has performed a PIX migration to ASA5520 on last weekend. And the configuration on the new ASA5520 is almost the same as the original PIX515. There are several L2L vpn tunnel configuration on the ASA5520. After the migration, all VPN tunnel can establish without problem. But my customer found that their Oracle application running on one of the VPN tunnel has connectivity issue. This application did not have problem when in the original environment.

This VPN tunnel is a L2L tunnel between remote and main office. In remote office, the VPN endpoint is a PIX515E w/ OS 7.0(5). In main office is an ASA5520 with 7.2(2). The original firewall in main office is a PIX 515 w/ 7.0(5). The IPSec match address list is an IP network to IP network access list without port definition.

We found that the Oracle client on remote office can connect to the port opened on the Oracle server on main office. But after connected to the port on the server, the application will re-establish a new connection using random port between this client and server, and this new connection seems to not able to establish.

Anyone can tell me that is it possible to impact the Oracle application on this IPSec tunnel? The ACL is an IP to IP acl. What can I do to troubleshoot this issue? Why the issue rise on the new ASA implementation?

I'm looking forward to your reply! Please help!

Jason

0 Helpful
2 Replies 2

purohit_810
Level 5
Level 5

‎08-15-2007 04:37 AM

Hi,

Here is the end to end troubleshooting steps for L2L tunnel.

Please check debug commands carefully you will get your key point where is troubble.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Regards,

Dharmesh Purohit

0 Helpful

mrSS
Level 1
Level 1

‎08-24-2007 11:44 AM

hello jason...

did you solve this issue?...we have a similar problem going from a vpn concentrator to a juniper netscreen box...oracle cant connect as well...

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card