Sql connections problem after PIX upgrade to 8.0

Unanswered Question
Oct 22nd, 2008

after upgrading from version 7.2 to 8.0(4), clients couldn't connect to the database through the firewall using Toad software but they can connect using SQL.

I checked the firewall and found some dropped packets in inspect sqlnet.

I disabled sqlnet inspection and the clients can connect.

The next day some clients reported that the database applications isn't working, I checked the firewall and found some denied connections on ports other than 1521

What is the problem, Please help

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
abinjola Wed, 10/22/2008 - 09:35

There are known issues with SQLNET traffic traversing through the firewall on 8.0.4, one of the known issue CSCsu44598

Upgrade to

bahaaothman Thu, 10/23/2008 - 02:07

Please send me more details about these issues as I think 8.0(4)3 is the latest version

bahaaothman Sat, 10/25/2008 - 23:27

Nobody answered me

How do I know the latest versoin and where can I find information about this bug??


JORGE RODRIGUEZ Sun, 10/26/2008 - 09:30

Here is details, if you have cco access to download software see interim releases to get the codes , if not there you probably need to open a TAC case to get codes not shown in interim area. However, you have coupled of workaround seen down bellow , the quickest workaround is to disable sql inspection in your global policy to atleast get you up and running with sql.

CSCsu44598 Bug Details

SQLNet inspection closes flow


Issue with SQLNet access


Issue is seen with ASA 8.0(4) with SQLNet inspection enabled. Inspection

denies CLOB data field size of greater than 4KB. The following log messages

are seen on the ASA:

%ASA-6-302014: Teardown TCP connection...Flow closed by inspection

When enabling 'debug sqlnet 255 ', you may also see the following debug message:

SQLNet: multiple TNS frames in one packet!


1) Disable SQLNet inspection

2) Downgrade to a version prior to

Further Problem Description:

This bug was introduced due to the integration of CSCsr27940 in version and Versions prior to these release should not be affected.





3 - moderate


Cisco ASA 5500 Series Adaptive Security Appliances


1st Found-In









This Discussion