Oracle ports for the ASA



I'm trying to connect an Oracle client to an Oracle database.

The connection is from the client (on the outside) to the database (on the inside).

I have opened the ports for SQL and >1024 from the outside to the inside.

The thing is that after a period of inactivity, the client shows disconnection errors (ORA03113, ORA03114 & disconnected from Oracle).

The thing is:

Does the ASA shut down inactive TCP connections? Can I disable this shutdown on the ASA for this connection?

Is there a need to open ports from the database to the client (from the inside to the outside)?

Thanks. Regards

Danilo Dy Thu, 10/04/2007 - 06:46


I've seen this problem in ASA/PIX and Juniper (not yet in CheckPoint). You need to adjust the firewall's default timeout value for inactive sessions. Different firewalls (vendors) have different default timeout values.

If you disable them, they will be set to the default value.



Danilo Dy Thu, 10/04/2007 - 07:14


No, don't disable it. If you disable it, it will be set to the default value. I think it's disabled by default (and uses all default values). You need to enable it and increase the value.

I don't remember seeing a specific setting for Oracle. I did see about 12 or more settings for ICMP, UDP, Connection, SUN RPC, Authentication, SIP, etc.

If you use ASDM, it's located in Configuration + (I think Properties) + Timeout

You need to read and understand the guide for setting the timeout. ASDM comes with an online guide, and surely the timeout settings are there. Understanding it will help you find the right setting for Oracle. As I said, I didn't see a specific setting for Oracle; it might be the "Connection" one. Don't change them all at once.



richwilson Fri, 10/05/2007 - 21:28

We had the same issue when we had our old PIX 535 running 6.3.5. In 6.3.5 there was no way to adjust timeout values for specific applications. The only option was to adjust the global default timeout values for TCP sessions. When we upgraded to our ASA5550 platform we were able to set up specific timeout values for all sessions for our Oracle remote servers. There is a good example on the Cisco web page on how to do this. This can be done through a class-map & policy-map setup.
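
The class-map and policy-map approach mentioned in the reply above, as an added example that is not part of the original thread and not Cisco's own sample. The ACL and class names, the server address 192.0.2.10, listener port 1521 and the 8-hour value are assumptions; older ASA releases use the keyword `tcp` in place of `idle`.

```text
! Added example with constructed values:
!   192.0.2.10 = Oracle database server, 1521 = Oracle listener port.
! Match only the Oracle sessions so the longer timeout applies to nothing else.
access-list ORACLE_IDLE extended permit tcp any host 192.0.2.10 eq 1521
!
class-map ORACLE_CLASS
 match access-list ORACLE_IDLE
!
! Raise the idle timeout for the matched class only. The global
! "timeout conn" value (1:00:00 by default) stays as it is, so idle
! connections of every other application are still removed on schedule.
policy-map global_policy
 class ORACLE_CLASS
  set connection timeout idle 8:00:00
!
! global_policy is attached globally in the default configuration;
! this line is only needed if it has been removed.
service-policy global_policy global
!
! Checks after applying:
!   show service-policy     (the class and its timeout should be listed)
!   show conn               (idle time of the Oracle sessions)
```

Scoping the change to one server and port keeps the connection table from filling with long-lived idle entries for unrelated traffic, which is the cost of raising the global timeout instead.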

