Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1605
Views
5
Helpful
4
Replies

Sql connections problem after PIX upgrade to 8.0

bahaaothman
Level 1
Level 1

‎10-22-2008 06:23 AM - edited ‎03-11-2019 07:01 AM

after upgrading from version 7.2 to 8.0(4), clients couldn't connect to the database through the firewall using Toad software but they can connect using SQL.

I checked the firewall and found some dropped packets in inspect sqlnet.

I disabled sqlnet inspection and the clients can connect.

The next day some clients reported that the database applications isn't working, I checked the firewall and found some denied connections on ports other than 1521

What is the problem, Please help

1 person had this problem
Labels:
0 Helpful
4 Replies 4

abinjola
Cisco Employee
Cisco Employee

‎10-22-2008 09:35 AM

There are known issues with SQLNET traffic traversing through the firewall on 8.0.4, one of the known issue CSCsu44598

Upgrade to 8.0.4.8

0 Helpful

bahaaothman
Level 1
Level 1
In response to abinjola

‎10-23-2008 02:07 AM

Please send me more details about these issues as I think 8.0(4)3 is the latest version

0 Helpful

bahaaothman
Level 1
Level 1
In response to bahaaothman

‎10-25-2008 11:27 PM

Nobody answered me

How do I know the latest versoin and where can I find information about this bug??

Thanks

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to bahaaothman

‎10-26-2008 09:30 AM

Here is details, if you have cco access to download software see interim releases to get the codes , if not there you probably need to open a TAC case to get codes not shown in interim area. However, you have coupled of workaround seen down bellow , the quickest workaround is to disable sql inspection in your global policy to atleast get you up and running with sql.

CSCsu44598 Bug Details

SQLNet inspection closes flow

Symptom:

Issue with SQLNet access

Conditions:

Issue is seen with ASA 8.0(4) with SQLNet inspection enabled. Inspection

denies CLOB data field size of greater than 4KB. The following log messages

are seen on the ASA:

%ASA-6-302014: Teardown TCP connection...Flow closed by inspection

When enabling 'debug sqlnet 255 ', you may also see the following debug message:

SQLNet: multiple TNS frames in one packet!

Workarounds:

1) Disable SQLNet inspection

2) Downgrade to a version prior to 8.0.3.33

Further Problem Description:

This bug was introduced due to the integration of CSCsr27940 in version

8.0.3.33 and 7.2.4.15. Versions prior to these release should not be affected.

Status

Fixed

(Resolved)

Severity

3 - moderate

Product

Cisco ASA 5500 Series Adaptive Security Appliances

Technology

1st Found-In

8.0(4)

Fixed-In

8.1(2.1)

8.2(0.161)

8.0(4.7)

7.2(4.17)

8.1(2.2)

Jorge Rodriguez
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card