11-09-2009 05:25 AM - edited 03-11-2019 09:37 AM
Hi,
I have two locations and these two sites are connected with a site-to-site VPN. One site has an ASA firewall and the other site is a Check Point ADSL. When the Check Point side tries to reach a server on the other side it can ping, but the application cannot connect and I see the error in the ASA logs. What can be the problem?
Thanks
Terminating TCP-Proxy connection from WAN_ADSL:x.x.x.x to LAN:y.y.y.y - reassembly limit of 8192 bytes exceeded
Teardown TCP-PROXY connection from WAN_ADSL:x.x.x.x to LAN:y.y.y.y duration 0:00:01 bytes 22320 Flow closed by inspection
11-09-2009 06:46 AM
This message is displayed when the reassembly buffer limit is exceeded while assembling TCP segments.
What protocol is the app using, and what ports? Maybe disabling the corresponding inspection for that protocol would help.
I hope it helps.
PK
11-09-2009 06:49 AM
It is Oracle and using 1521 tcp.
I disabled sqlnet inspection but it didn't work. Now I will upgrade the ASA image and try again.
11-10-2009 06:39 AM
Yes, SQL uses TCP port 1521.
What version of ASA are you using?
If you are translating the IP address of the SQL traffic then it won't work without inspection.
PK
11-10-2009 06:40 AM
Some 8.0 versions had some sql issues that were fixed in later versions.
If this ends up needing troubleshooting please open a case with TAC to look at it.
PK
11-10-2009 06:58 AM
I solved the problem by upgrading to the latest version and removing SQL inspection.
11-10-2009 09:27 AM
I have the following question for Cisco folks regarding sqlnet inspection.
In about 99% of my PIX/ASA firewall deployments that involve sqlnet, I have to disable inspection on the firewall for it to work properly. What is the point of enabling this feature if it is causing nothing but headaches?
Thanks. David