Cisco Support Community
New Member

fwsm oracle issue

Hey All,

I have a strange issue in regards to our fwsm and an Oracle RAC deployment. See scenario below:

FWSM in transparent mode running 3.2(10) code.

Context name = backup

inside interface = vlan 10 (security level 100), same addressing on both sides, i.e. 192.168.2.X

outside interface = vlan 20 (security level 0), same addressing on both sides, i.e. 192.168.2.X

This is a temporary setup while we transition our equipment off of the old infrastructure to the new one. Everything works with this setup, but certain parts of the Oracle RAC cannot create a new listener for the cluster when one box is on vlan 10 and the other is on vlan 20. I've Wiresharked the interfaces on either side and nothing jumps out at me, but not knowing how the Oracle application really works makes it hard to look through Wireshark.

Server 1 = 192.168.2.2 (vlan 10)

Server 2 = 192.168.2.3 (vlan 10)

Server 3 = 192.168.2.4 (vlan 20)

When I do a show conn from the context, I see connections from server 3 to server 1 and server 2, both UDP and TCP. When I do a show xlate, I see server 1 and server 2, but NO server 3.

That seems really weird to me, so I'm wondering if anyone has any ideas on what may be happening. The ACL right now is fully open in each direction, and all other applications/resources seem to be working, just not the Oracle listener part.

Thanks,

Craig

1 REPLY
Cisco Employee

Re: fwsm oracle issue

You wouldn't see server 3 as it is on the outside - lower security.

As far as why the Oracle listener isn't working, we really need to look at the logs and captures during the time it breaks.

Is this flow going through sqlnet inspection?

Issue "sh service-policy" and check the inspections enabled.

If it is enabled, try disabling it and see if the flow works.

-KS
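As an added example (not commands posted in this thread), here is how the check KS describes would look on the FWSM CLI, with a capture taken first so the failing exchange is on record before anything changes. It assumes the "backup" context and the interface names and addresses from the question, Oracle's default listener port (1521), and the default policy-map and class names an FWSM/ASA ships with; take the real names from your own show service-policy / show running-config output if they differ.

```cisco
! Added example, not part of the original thread. Assumes context "backup",
! interfaces "inside"/"outside", the 192.168.2.0/24 hosts from the question,
! the Oracle default listener port 1521, and the default policy/class names.

! 1. See which inspections the global policy applies to this context.
changeto context backup
show service-policy
! On a default configuration, class inspection_default (matching
! default-inspection-traffic, which includes TCP/1521) lists "Inspect: sqlnet".
show running-config policy-map

! 2. Capture listener traffic on both sides while the RAC tries to create the
!    listener, so the broken TNS exchange is recorded with inspection still on.
access-list CAP-TNS extended permit tcp host 192.168.2.4 192.168.2.0 255.255.255.0 eq 1521
access-list CAP-TNS extended permit tcp 192.168.2.0 255.255.255.0 eq 1521 host 192.168.2.4
capture tns-in interface inside access-list CAP-TNS
capture tns-out interface outside access-list CAP-TNS
! ... reproduce the failure, then compare what each side saw:
show capture tns-in
show capture tns-out

! 3. Test with SQL*Net inspection removed from the default class only;
!    every other inspection in the class stays in place.
policy-map global_policy
 class inspection_default
  no inspect sqlnet

! 4. Re-run the listener creation. If it still fails, inspection was not the
!    cause: put it back rather than leaving the exemption in place.
policy-map global_policy
 class inspection_default
  inspect sqlnet
```

Keeping the capture from step 2 matters even if step 3 fixes it: a diff of the inside and outside captures shows whether the inspection engine altered or dropped the TNS redirect, which is the evidence to attach if this is opened with TAC.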
