Inspect sqlnet ASA Release 8.0.3.19

Unanswered Question
Jul 9th, 2008

Hi, since we updated our ASA 5550 to 8.0.3.19 we're having problems with our SQLNET (port 1521 with Oracle SQL servers) connections to our DMZ Servers. The connections drops often. On Some servers we cannot connect at all. But nothing at all in the logs, no drops.

After we disabled "inspect sqlnet" it works fine. But that's may not the way it should be.

Has anybody else problems with sqlnet and Release 8.0.3.19? With Release 8.0.2.x it worked fine.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
Loading.
smahbub Tue, 07/15/2008 - 06:06

To enable Oracle SQL*Net application inspection, use the inspect sqlnet command in class configuration mode. Class configuration mode is accessible from policy map configuration mode. To remove the configuration, use the no form of this command.

msdesai11 Wed, 08/13/2008 - 13:10

Hi

Yes, there is bug related the SQL inspect and ASA (failover mode):

Please look at bug details:

CSCsr06900 Bug Details

watchdog failure in sqlnet inspection engine

Symptom:

A PIX or ASA firewall running 8.0.x code may crash and reload citing the Dispatch Unit thread as the crashing thread.

Conditions:

This occurs on versions of ASA and PIX firewall code prior to 8.0.3.25.

Workaround:

None at this time Status

Fixed

Severity

1 - catastrophic

Last Modified

In Last 3 Days

Product

Cisco ASA 5500 Series Adaptive Security Appliances

Technology

1st Found-In

8.0(3.25)

Fixed-In

8.1(1.8)

8.0(3.29)

8.2(0.136)

8.1(101.3)

8.1(101.4)

8.2(0.140)

Related Bug Information

Crash in 8.0.3.20 with SQLNET Inspection and Failover enabled

Symptom: Crash causing a reload on the active unit in a failover pair. Conditions: Enabling failover with 8.0.3.20 and SQLNET inspection enabled. Workaround: Downgrade to 8.0.3.18 or lower.

HTH

MD

francois.beauno... Fri, 09/26/2008 - 10:29

Hi Guys,

We are running 8.0.4 and we are also experiencing problems with the SQLNET inspection. My firewalls are in context mode and failover are active/active. We are able to connect to a DB and open a his table through SQL Net Client but if we used ODBC Connector, it's not working. We can connect to the DB but are unable to open tables. The result his a status message, ORA-03123, from Oracle. If i disabled SQLNet inspection everything his working fine.

If u have any clue, let me know.

Thanks

harvidsson Mon, 09/29/2008 - 02:47

Hi Francois,

I guessed you runed into this bug CSCsu44598. I will open an TAC request and ask, when and in what release there will be an fix for this issue.

Thanks

Henric

msdesai Sun, 10/05/2008 - 16:38

According to TAC, this will be fix in 8.0.4.6

HTH

MD

Actions

This Discussion